On Tue, Aug 20, 2013 at 6:25 PM, Ian Jackson <
ijack...@chiark.greenend.org.uk> wrote:
> > The bigger problem for a Debian LTS is this: 1. who is going to do
> > > security support for it ?
> >
> > The same people that maintain the packages in sid and stable: the
> > maintainer(s) for each package. [...]
>
> That is not the case. At the moment most of this is done by the
> Debian security team. Of course some package maintainers do help.
>
>
IMHO that should be turned around: package maintainers should be the ones
responsible for updates and the Security Team should help with that (e. g.
by providing tips and/or reviewing the fixes)
> For orphaned packages, NMUs by other
> > developers or even a new maintainer team ("foster-car...@debian.org").
> > Providing fixes, security or not, is our part of our duty as Debian
> > developers. Sure, packaging new upstream versions is always more exciting
> > than fixing a broken version/package but it needs to be done.
>
> You seem to be saying "this is an important thing to do - will you
> all please go and do it".
>
>
Exactly. That's what I do for my packages (in fact I backport newer
versions of some of my packages to every Debian and Ubuntu which is still
supported).
> That's not how things work. In summary, unless and until we have
> people who volunteer to do the security support for an LTS, we won't
> have an LTS.
Maybe I'm wrong but I fail to see why "security support for LTS" should be
a different team than "security support for stable". To me, it should be
the same team, and maintainers and packages should be #1 in the list of
people to work on fixes, as I said above.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
