Adam wrote: > I'm not entirely sure how you think p-u is better placed to do so, given > the amount of visible testing packages from it get before a point > release.
It's not necessarily for the additional testing done on p-u (although I personally use it like that and probably others well), but there's a number of technical features which make spu "suck less" which are currently lacking in the security.debian.org infrastructure: - Lack of visible apt source for people to test (#817286) (biggest blocker) - Bottleneck of not being able to delegate allowing maintainers of webkit rdeps to release compatibility updates via security.debian.org (#817285) - No possibility to trigger binNMUs of rdeps without a sourceful upload (not sure if that's necessary for the changes imposed by newer webkit releases, but it's also a serious problem for go-based apps Especially the first two points are critical to address mid-term if we want to ensure security support is sustainable in the years to come. Either by finding new volunteers to work on that or by funding the development of these features in some way. Cheers, Moritz