Web lists-archives.com

Re: What can Debian do to provide complex applications to its users?

 ❦ 21 février 2018 07:07 +0100, Alexander Wirt <formorer@xxxxxxxxxx> :

> No, backports doesn't have official security support in the meaning that
> the team is tracking and looking after security issues in backports.
> Nevertheless every backporter has to care about security, we do expect that
> uploaders care about their packages - this does of course include security
> support.

The net result for our users is that backports should not be expected to
be up-to-date with security. It took me approximately one minute to go
through latest DSA to find an example: Exim in backports is
4.89-2+deb9u1~bpo8+1. 4.89-2+deb9u2 has been uploaded in
December. 4.89-2+deb9u3 has been uploaded in February.

I think backports are a great asset for Debian and a clear advantage
over other stable distributions. But we shouldn't lie to our users by
telling it is security supported (and, as a matter of fact, we don't).

I am sorry if it sounds like criticism, it shouldn't. I am only trying
to show we already have a non-security-supported archive in Debian (or
best-effort-security-supported archive if it sounds better).
Hain't we got all the fools in town on our side?  And hain't that a big
enough majority in any town?
		-- Mark Twain, "Huckleberry Finn"

Attachment: signature.asc
Description: PGP signature