* Florian Weimer <[EMAIL PROTECTED]> [2004-11-22 18:14:01 +0100]: > it seems that the lack of security buildds is the biggest obstacle to > the sarge release. Yes, I hate it as well that there's no visible and "fast" progress on this issue.
> Why can't we treat security support like a broken package, and remove > it if it isn't fixed by its maintainers? Because you miss the point. You remove the package from the archive, and not from the users' system. So the users would be still vulnerable, and everyone would hate Debian. Also, think about it: would you remove XFree86 if a security related bug is found? What would you do with Gnome/KDE/etc then? There are dependencies and reverse dependencies as well... > I hate this approach as much > as the next guy, but it might be the only way to make progress with > the release, for the foreseeable future. No. I have a fear that most users don't upgrade their Woody to Sarge because there's no security support. Thus when it will happen finaly, I suspect an increase of bugrepors of upgrades/usages. > Security support could be > added in a point release, completely transparently to Debian users, > when the resources become available. Theoriticaly. See above. Cheers, Laszlo/GCS
