[cut-team] CUT thoughts

[Joey Hess]

Anthony Towns wrote:
> For me, the proposals that I think will make this better for me are
> regular/frequent snapshots of testing and security support for them.
> That way I can directly install the most recent snapshot, set it up to
> automatically install security updates, and plan for functionality
> changes when the next CUT snapshot happens.

I've had limited time for CUT this week, but FWIW, aj and I seem to be
almost entirely on the same page about CUT.

> To me, that means starting by choosing a day to snapshot testing every
> 3-6 months, including an installer for the snapshot, and doing
> security support for the snapshot until (at least) the next snapshot
> is released.

I'm afraid it's a lot of work to get a snapshot to even stable's level
of security support. Even with the security team already handling all
CVE tracking and triage, you're still looking at doing an equivilant
amount of security releases as are done for stable, and probably a lot
of them will need backporting of fixes. I am not sure CUT has enough
interested people involved yet that we could manage it if they all
somehow worked on this one thing.

Suppose we did manage it.. If a new CUT snapshot is taken every 3 to 6
months, and presumably support for the old snapshot is dropped, users
would need to upgrade to the new snapshot (or on testing), every 3 to 6
months to continue to get security support. So there's still a
semi-frequent upgrade requirement.

-- 
see shy jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 828 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/cut-team/attachments/20100816/195fe88d/attachment.pgp>