On Wed, 2007-05-30 at 16:48 -0700, Steve Langasek wrote:
> On Wed, May 30, 2007 at 09:38:16PM +0100, Ben Hutchings wrote:
> > On Tue, 2007-05-29 at 19:46 -0700, Steve Langasek wrote:
> > > On Tue, May 29, 2007 at 11:51:38PM +0100, Ben Hutchings wrote:
> > > > There were some discussions on -private (and possibly here?) earlier in
> > > > the year about quality vs quantity of packages.
>
> > > > It should be clear to most developers that our many packages are not all
> > > > equal in quality; nor are all maintainers. Not everyone is aware that
> > > > packages in a stable release may have serious known bugs - even security
> > > > bugs - that won't get fixed because of overstretched or MIA developers,
> > > > or lack of upstream support.
>
> > > What evidence do you have that serious security bugs "won't get fixed" in a
> > > stable release because of MIA developers?
>
> > Search for "years" in
> > http://bugs.debian.org/cgi-bin/pkgreport.cgi?which=tag&data=security&archive=no&version=&dist=stable&pend-exc=fixed&pend-exc=done&include=security
>
> If I search on
> http://bugs.debian.org/cgi-bin/pkgreport.cgi?which=tag;data=security;archive=no;dist=stable;pend-exc=fixed;pend-exc=done;include=security;severity=critical,grave,serious
> (since the question was about "serious security bugs"), the only matches are
> listed as "From other Branch", meaning that the versions listed as affected
> in the BTS are not versions present in stable.

<snip>

I'm sorry, I did not use "serious" in the precise sense of the BTS. I meant that there were bugs that could have serious consequences for some users, which is true of many bugs with severity = important. Also, this release is relatively new and has had less time to accumulate bug reports. sarge is in a worse state.

Ben.

--
Ben Hutchings
The generation of random numbers is too important to be left to chance.
- Robert Coveyou