this is tangential to this topic, but i'd like to suggest that rpms not be moved into the updates directory (from updates-testing) until they are officially announced. i have some systems using yum to grab updates and some that mirror from the web site and today i noticed that ethereal got updated on the mirrored boxes, but not on the yum boxes. from this discussion i see that ethereal isn't official yet but it is in an area that i (maybe naively) think of as official. On Sat, 31 Jan 2004, William Hooper wrote: > > David Rees said: > > If the vulnerability was that serious, there would be more people > > interested in testing the package. In the case of ethereal, it seems > > that not many people are interested in the package, hence the low > > interest in testing it. > > http://www.debian.org/News/2003/20031202 > > Some vulnerabilities only become "Serious" after the fact. > > So, a package sits in testing for a week, gets pushed to updates. The 1 > person that is using it starts to complain about something. This would be > a great time to introduce this person to the QA process and get them > involved. > > I think the majority of the time the case would be that a number of people > have downloaded that package and not bothered to "official" give it a > thumbs up. No news is good news. > > Using the ethereal example: If you have a serious need for it, then you > need to test it. Isn't that part of having "community" updates, that the > "community" decides how good the updates are? > >
