On 2013-03-19 16:52, Jérémy Bobbio wrote:
Even if a dedicated team is supposed to care about security in
testing [1], the dedicated mailing-list [2] has not seen an
announcement
since February 2011.
Debian Security Advisories don't only comment on the stable for stable
-- looking through recent DSAs, most of the time a fix has been ready
for testing as well as stable.
Dear candidates, do you think it would be wise to advertise `testing`
as
a usable distribution to our users given that state of affairs?
I am already happy to advertise testing to large categories of users,
so yes, as long as the reasons to choose this option compared to stable,
and reasons to avoid it, are made clear.
Are you only talking about increasing "official" mention of testing as
an option, or do you think that individual people don't feel they are
welcome to advertise testing? (If so, why do you think they don't?)
Given
that our security support for stable is already not as best as it
could
be, do you think we should encourage volunteers to be more active in
security support for testing?
From our current starting point, I don't see that encouraging more use
of testing would be likely to harm stable security support. I am
slightly worried that if we had a popular rolling release different from
current testing it might indirectly harm the quality of the stable
releases, but I still wouldn't see that as a reason to try to discourage
people working on things they want.
Do you have ideas on how to attract more
volunteers to the dull, hard, and sometimes boring tasks of taking
care
of security issues in Debian?
It's not clear to me why you seem to think that dealing with security
issues is more dull/boring than general package maintenance! Locating
security issues may sometimes be challenging, but can be quite fun; the
prospect of early access to embargoed information can attract some
people; and working across the whole distribution should be more
varied/interesting than working on individual packages. Perhaps part of
the way to attract more people could be to look for them while
emphasising these positive aspects? I equally don't think we should
assume that something being hard will in itself discourage volunteers.
In practical terms I don't see any difference from how to get more
volunteers for anything in Debian: those currently involved and others
interested in the topic should provide clear documentation (including
e.g. wiki pages with current status and things people could work on),
advertise what's happening and the desire for volunteers on the mailing
lists, and reach out to people working on related topics for ideas and
possible direct help.
--
Moray
--
To UNSUBSCRIBE, email to debian-vote-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/1d80ba81653598f2605978ba173c1...@www.morayallan.com
