>>>>> "Gerfried" == Gerfried Fuchs <[EMAIL PROTECTED]> writes:
Gerfried> * Sven Luther <[EMAIL PROTECTED]> [2003-05-16 Gerfried> 13:33]: >> Such a package should be as close to possible to the version >> actually in testing, and not depend on packages and/or versions >> that are not yet in testing. Gerfried> So, you request more or less that every developer Gerfried> should backport fixes themself from the usual new Gerfried> upstream version that fixes the problem (and mostly Gerfried> always have new features too) to the version in testing, Gerfried> which might even be older than just one upstream Gerfried> release, due to usual holdups in the transition. It Gerfried> sounds like you like to have every developer be able to Gerfried> do what the security team does. That requires much skill Gerfried> -- much more than most of us possess! I'd actually hope that you would be capable of doing this sort of back porting for any package you maintain. You should certainly be doing this for packages in stable, giving the security team tested patches, rather than having them do the job of maintaining your packages for you. Sure, that's an ideal. And perhaps you don't have these skills yet and are still working on gaining significant skill with your packages and with the languages they are written in. If so, then you should look for co-maintainers who do have the necessary skill sets to provide security updates for your packages. Even if you completely ignore testing security, anything you can do to reduce the work load on the security team will mean that Debian is less behind on publishing security updates and will better help us serve our users. --Sam