[Python-modules-team] python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED
Raphael Hertzog
hertzog at debian.org
Wed May 24 09:55:45 UTC 2017
On Wed, 24 May 2017, Jan Ingvoldstad wrote:
> Basically: if you need security updates, don't rely on backports, don't put
> things in backports. The backport policy is incompatible with keeping
> systems up-to-date and secure.
[...]
> I strongly recommend not using backports for anything else, and certainly
> not in production.
This is not in line with DSA's policy. If we need anything newer than
stable for a service hosted by DSA, then we have to use packages in
stable-backports.
This is because backports maintainers are expected to keep the packages
they upload there as secure.
If the rules are not allowing us to do that, then the rules are bad.
That said, just because we need something newer and secure, does not mean
that we always want to track every major update from testing during the
whole lifetime of stable-backports.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
More information about the Python-modules-team
mailing list