Web lists-archives.com

Re: Debian Stretch new user report (vs Linux Mint)




On 01.12.2017 16:34, Scott Kitterman wrote:
> Testing doesn't have security support (and since neither the security team nor maintainers can upload to it, it's the most problematic choice from a security support perspective).  I don't think that's suitable to recommend to end users of any sort.

I mean that's not really true. Both can upload to it, it just needs to
be accepted manually. They generally don't do it, though. So whenever a
DSA is published you don't necessarily get an update right away. Many
advisories don't talk about unstable either and the maintainer might not
even be aware of the security issue[0]. It feels like at some point this
needs to be addressed in some way by the project, though.

(I know. We're all volunteers and all. But at the same time we try to
assemble something useful in the form of testing and by some extension
also unstable.)

Kind regards
Philipp Kern

[0] I hope that's actually wrong but I wouldn't be surprised if the
maintainer is not contacted in the most severe instances.