no, no, and no

.. or random replies to other blog posts.

Francesco P. Lovergine: Contrary to what you say, your mails for proftpd were not "parked" in the testing security team mailing lit. They were ignored because we were already tracking the issue at the time. All known security fixes for proftpd have already entered testing. Our vulnerability tracking information is publically available and well-documented.

Also, if you neglect to use the BTS for security issues, that is your own problem, the resulting insecurity of your packages is your fault and I have no sympathy for you.

Scott James Remnant: Merging a bunch of translation updates that were developed somewhere else into d-i "right before a release" would result in an unusable release for at least the languages so merged and quite possibly would generally break it. d-i has constraints like needing to fit all the translations on particular sized media. It's also fairly hard for translators to get a working translation of d-i blind without testing it, and testing it as a third party is hard. This may not be true of other software such as dpkg, but it's manifestly true of d-i.

The l10n-sync stuff is unfortunatly noisy, but distributed revision control, while admittedly an awefully big and keen hammer, is not a solution.

Also, the idea of losing a bunch of useful historical data when landing a large patch from a co-developer is one of the things about some distributed RCS systems that gives me the screaming horrors.