On Mon, Feb 12, 2001 at 10:43:33AM -0200, Carlos Carvalho wrote:
> Andreas Tille ([EMAIL PROTECTED]) wrote on 12 February 2001 11:32:
> >IMHO people of security team shouldn't spend their time to serve
> >security fixes for testing. People who want to use testing on
> >security relevant machines should know what they do and should be
> >able to handle those issues themselves. Those hazardeurs could try
> >to fix important bugs of the package which is stuck to unstable for
> >whatever reason which would help the whole distribution or backport
> >the stuff themselves.
> What's the purpose of testing exactly? If it's a preparation for
> becoming stable it should obviously include the security fixes,
> otherwise when the transition testing -> stable happens you're...

It does include security fixes, it merely doesn't include them in as
timely a manner as security.d.o provides for stable. This is fine for
release purposes, but possibly not so fine for people actually running
testing.

(Note that security updates for unstable aren't necessarily timely
either; there hasn't been an update for bind for m68k made available,
eg. This mightn't bother you if you're running i386, but it can be a
problem on other architectures. testing "suffers" from a
least-common-denominator sort of problem wrt this.)

> If this issue isn't explained I'll just move to unstable and ignore
> testing, because going back to stable is no option.

If you're using stable, you can just point apt at security.d.o and not
have to worry about anything much. You also get a single list to
monitor for security issues. In principle.

If you're using testing, you can watch out for security updates, and
only have to worry about occasional problems and inconsistencies: you
don't end up with perl broken, eg (at least so far :). You have to get
some of these updates from unstable, or build them yourself, which is
difficult (at least while apt 0.4 is unreleased).

If you're using unstable, you don't get any assurances at all, but
fixes generally come out fairly quickly.

Cheers,
aj

--
Anthony Towns <[EMAIL PROTECTED]> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

``_Any_ increase in interface difficulty, in exchange for a benefit you
  do not understand, cannot perceive, or don't care about, is too much.''
      -- John S. Novak, III (The Humblest Man on the Net)