[long] Canonical are you serious?
Matt Zimmerman
mdz at canonical.com
Mon Jan 24 06:35:22 UTC 2005
On Mon, Jan 24, 2005 at 07:47:08AM +0200, Sean Wheller wrote:
> What you are saying is that your team does not know how to run a security
> audit or does not have a protocol for testing security. So they don't want to
> have the overhead. Well, I would have thought with all the expertise running
> around, that somebody would be able to create an update to 1.1.1/2, test it
> and add it to the package management system. Besides we don't need http://
> access, we can just use the std in std out running as a service. SVN is
> quite secure in this mode.
What he is saying is that updating to a version of Subversion newer than
what is available in Warty involves duplicating the effort of applying
security fixes on an ongoing basis, which is absolutely accurate.
> Sure install Bazaar, but get them to do it yesterday. Not by the end of
> January or next month, or whenever. It should have been installed long
> ago. However, some people, already are shy of all the changes. I can't
> say they will want to start using it. Personally, I don't care much which
> system is used, so long as we use one and we can implement features that
> help us.
The Bazaar team would probably be ecstatic if the documentation team decided
to adopt Bazaar as a standard for revision control, but my understanding is
that you chose Subversion instead. To be honest, Bazaar has some rough
edges which probably need smoothing before it would be suitable for you, but
the Bazaar team is working aggressively on usability.
> Enrico, why do we have to be pessimistic. This is the problem. Is support from
> Canonical is always going to be a case of, "Let's hope and pray."
As discussed with Enrico on IRC, I have agreed to be a liaison between
Canonical and various Ubuntu teams. I don't intend for this to be a "hope
and pray" relationship.
> All the more reason why I would expect Canonical to be more interested and
> attentive.
Understand that this is a very rapidly growing operation, with many projects
involved and expanding as well. There are bound to be growing pains. The
best that we can expect is that problems are addressed as they come up, and
not before.
Again, I am available as a point of contact on Canonical-related issues. I
can't promise to monitor every message on ubuntu-doc, but if you address me
personally, I will generally respond.
--
- mdz
More information about the ubuntu-doc
mailing list