On Tue, 28.12.2004, 02:24, Michael Stone wrote:
> On Thu, Dec 23, 2004 at 05:16:39PM +0100, Florian Weimer wrote:
>>However, most of our packages haven't got test suites, and our
>>dependency graph is certainly more convoluted than Red Hat's. For
>>example, Red Hat probably has only a handful of packages which depend on
>>PHP. How do we make sure that the upgrade does not break any of the
>>PHP-based packages we ship?
>
> Good question. The question that needs answering is whether we are
> happier having secure, broken systems than insecure systems that
> otherwise work. As soon as you start changing things you risk breaking
> something, and we don't really have (IMO) a good line drawn.
>
>>My current idea is to borrow an idea from Microsoft: Create a Patch
>>Validation Program.
>
> That might be a possibility--an unstable/testing model for the security
> archive.

I think we would need a new distribution e.g. 'sec-stable' for testing new security patches. So someone would be able to choose between 'more stable but less secure' or 'less stable but more secure'.

Christian