%% Kurt Seifried <[EMAIL PROTECTED]> writes:

  ks> One question: where is it explicitly stated that Debian backports
  ks> fixes and that one needs to read /usr/doc/*/changelog?

I'll answer this on two levels:

First, if you're writing an article on a subject for publication it behooves you to find this information, even if it's not explicitly stated. In other words, if you think to yourself "hey, that's strange, this system seems to be shipping old, security-problem-ridden code!" (which you basically said you thought in your article) then you should try to find out if that's really true. One excellent way to do that is by posting one simple message to this mailing list. If this had been done, you could have blasted Debian for documentation issues, while still performing a valuable service by educating people, via your article, on how Debian handles security updates :).

Second, you are absolutely, 100% correct that there is a serious lack of coherent documentation in these areas when it comes to Debian. There are a lot of things one is just kind of expected to "know"; or at least I haven't found anyplace that brings them all together. Some other examples from just the last week or so: information on Debian runlevel handling, and information on how Debian expects to share devices (group permissions for /dev/sound, etc.).

The Debian Guide is great for newbies but doesn't have much information for experienced users. Manuals for newbies are very important, of course, but Debian really needs either an appendix or another document that provides this more detailed, distro-specific information. Some kind of "Introduction to Debian for UNIX Admins". I think Debian has many more experienced UNIX/Linux people migrating to it than other distros, and so this kind of "migration guide" is more important to Debian.

Please don't mark this as criticism per se: I maintain a manual too and I know how hard it is. I hope this is taken as encouragement for more people to spend some time on this.

IMHO, FAQ-O-Matic is a _very cool_ tool and that should definitely be revived and expanded, but a more "manual-like" document that could be shipped with Debian would be even better. Maybe even something in the install that asked if you want to read it...

  ks> I spoke to several friends, comp sci, one with a degree in
  ks> software engineering, and they all agree this is a horrible way to
  ks> do things (the software engineer went so far as to say "a little
  ks> piece of me dies every time someone does something like that").

Uhm. Can you provide more details about exactly what they're objecting to?

Backporting specific fixes to earlier releases is not only not "a horrible way to do things", but is absolutely de rigueur in the industry. You can't afford to put the entire set of potentially very destabilizing changes into a current or almost-current product! Instead, you extract the most important fixes and port them back into the stable release so people can get the benefits of that specific fix, in a stable environment.

Most everybody does this. Even the Linux kernel, for example. Many of the packages which have security fixes announced on CERT, etc. provide patches for older releases in addition to saying that the latest release has fixed the problem.

I just don't understand your friends' revulsion.

-- 
-------------------------------------------------------------------------------
 Paul D. Smith <[EMAIL PROTECTED]>          Find some GNU make tips at:
 http://www.gnu.org                      http://www.paulandlesley.org/gmake/
 "Please remain calm...I may be mad, but I am a professional." --Mad Scientist

