> > Did you realize before this rant that this is already the policy, and has been documented in the Security Team FAQ for several years now?

This is not a rant, it's cutting through the horse crap. If what I am suggesting is already policy then why are we having this discussion? Why was there ever an unsecure version of Mozilla in Woody? Why in Sarge?

If the "stable" version is broken and it's impractical to fix it - what you have said multiple times now - then put in the new one. Warn managers of dependent packages and give them a short but realistic release date. Leave the old package around so their packages don't instantly break if they miss the deadline or someone values their status quo more than a secure system. I don't really even think maintaining the old version is necessary, that's what pinning/holds are for. This is already what happens for kernels.

> We already have hardware to build packages; that's not a problem at this time.

Fine, then mail me with what else I can do. If we go about it in a sensible method I'm more than willing to help. What I don't want to see is this discussion drag on eternally in woe-is-me-they-wont-play-like-i-like-i-hate-change fashion, and the situation either not be resolved or we do something stupid like drop Mozilla.

Just for the record I also vote against volatile. Security changes should go into stable proper.

david.