[Grml] Re: Debian Etch and grml

Marc Haber mh+grml at zugschlus.de
Tue Jan 16 12:48:13 CET 2007

On Sun, Jan 14, 2007 at 02:03:57PM +0100, Michael Prokop wrote:
> * Marc Haber <mh+grml at zugschlus.de> [20070113 14:15]:
> > On Mon, Jan 08, 2007 at 06:01:31PM -0700, s. keeling wrote:
> [Debian Testing]
> > > That's also the best place for a newbie to be.
> > I disagree with that. Testing might be broken once upon a time, and
> > when you're not able to fix this you don not belong on Testing.
> Especially as Debian testing does not get real security-support. :(
> That's not really relevant for workstations for me, but straight
> before a new stable release is available that's an important point -
> at least for me.

There is some kind of Security Support for Debian testing, by means of
the testing security team. Unfortunately, they're missing a lot of the
transparency I'd like to see from a security team, but that's nothing
new for Debian. I plan to blog about this in the near future once I
find the time.

Unfortunately, even stable security support has been somewhat
deteriorating since the sarge release, I hate to say. Especially in
the past few months, in more than one case a security fix has reached
testing by means of a normal unstable maintainer upload and normal
testing migration before the stable security team issued the fix for
stable. In theory, stable security could be much faster than a
maintainer upload since the stable security team has access to
embargoed vulnerability reports, which the normal maintainer does not
have. This is all quite disappointing :-(

> > Stable is the best place for a newbie to be.
> "If it works" (the "brand new hardware problem")

Yes, Debian needs to address this.

>  and if the newbie does not need support from upstream (see my other
>  mail for more details).

This is an issue, yes.

> > >   Helping to test testing helps Debian produce sable.
> > Yes, but bug reports from newbies are seldomly useful. Which is no
> > offense to the newbie; isolating and reporting bugs is a form of art.
> Yes, at least regarding bug reports for package maintainers. ;) But
> newbies can often locate problems in software because they lack
> developer's "business blindness" (Betriebsblindheit). At least
> isolating bugs is usually possible even with newbies, especially if
> they have support on their side (instant messaging, irc,...).

If you have a quick means of communications, things can work, but
debugging via E-Mail with a newbie is a useless waste of time.

> > >   That said, Debian's unstable is more stable than many distros'
> > >   stable release.
> > Disagreed here. Especially in the period right after a stable release,
> > unstable's breakages can be horrible.
> The package freeze for Debian etch took place a few weeks ago. The
> unstable pool is "moving [nearly] as usual"

NACK. We did not have any library transitions for months, and new
upstream versions are being withheld.

>  and I don't notice any serious problems - and don't really expect to
>  find any when etch is out. :)

I remember the PAM breakage where login to an unstable system became
impossible. Without grml, I would have been in serious trouble back


Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

More information about the Grml mailing list