-testing timeout

[William Hooper]

David Rees said:
> If the vulnerability was that serious, there would be more people
> interested in testing the package.  In the case of ethereal, it seems
> that not many people are interested in the package, hence the low
> interest in testing it.

http://www.debian.org/News/2003/20031202

Some vulnerabilities only become "Serious" after the fact.

So, a package sits in testing for a week, gets pushed to updates.  The 1
person that is using it starts to complain about something.  This would be
a great time to introduce this person to the QA process and get them
involved.

I think the majority of the time the case would be that a number of people
have downloaded that package and not bothered to "official" give it a
thumbs up.  No news is good news.

Using the ethereal example:  If you have a serious need for it, then you
need to test it.  Isn't that part of having "community" updates, that the
"community" decides how good the updates are?

-- 
William Hooper