Fwd: Re: releasing updates-testing packages without VERIFY votes

[Mike McCarty]

Jason Lim wrote:
> To tell the truth, to me at least, to support legacy systems I only really
> care about critical security updates that could remotely compromise the
> system (not even theoretical stuff is of interest). Even local compromise is
> not THAT important to me... but in my view, a critical remote vulnerability
> should get priority, and at least those should get tested, everything else
> can really take the back burner.
> 
> I think we need to spend our very limited energy more productively.
> 
> If someone wants to use updates that supposedly haven't been tested, they
> can use the testing respository, right? Nothing stopping them from using it.
> As for everyone else... I'm more about plain old stability. Think about the

Sir, you have struck the nail upon the head with perfect orthogonality.

Why Legacy support? For stability. Putting things into a "release state"
without "full" (whatever that is) QA compromises stability. So if you
do that, then why have the Legacy support at all? No reason that I can
see. If Legacy support does this, then I'm moving to CentOS.

[snip]

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!