On Sun, 2004-08-08 at 21:59, Jeff Spaleta wrote: > On Sun, 8 Aug 2004 15:31:35 -0400 (EDT), Tom Diehl <tdiehl@xxxxxxxxxxxx> wrote: > > As Jesse previously stated it would > > be nice if changes like this were done in conjunction with the next release > > AND documented. At least then we know what is going on. > > Personally I'd settle for getting Core developers to actually use the > updates-testing repo > for all proposed updates. Even if the maintainers pushing the > update...in their infinite wisdom..know there are absolutely no > packaging bugs or other problems inherent in the package, having it > available for a few days (even just 1 day) in testing for competent > people in the userbase to use before its pushed for general > consumption wouldn't hurt. it's a balancing act; do we delay the serious security hole fixes a day or not..... it's not an easy question. Right now the severity of the security problem made me decide against a day in testing but instead go live right away (based on a kernel that has been in rawhide for over a week). I hope you understand that that is a judgement call on a case by case basis (yes I know lame argument), but the fact that this security issue was going public with an exploit made me and Dave decide to go live instantly and not after 24 or 48 hours.
Attachment:
signature.asc
Description: This is a digitally signed message part
