The Debian distribution, in attempting to be our "universal OS", has too many packages in the release whose underlying software is not release quality (it would be interesting to find out exactly how many packages in Sarge are pre-1.0 or just a CVS snapshot). This has several consequences:
- many more bugs, including RC bugs
- a moving target, especially with pre-release quality libraries
- QA and bug fixing are not the same for popular packages maintained by competent developers as for niche packages; this means more work for the Release Team if developers don't NMU for RC fixes
This net growth (sarge will have 9000+ packages more than woody, woody had 4500+ packages more than potato, and so on) has consequences both for the release and for the overall quality of the distribution. It also has direct consequences for security support post-release:
- more pre-release software means more security bugs that need to be fixed by backporting patches, or possibly by writing the patch from scratch, as the software may have been abandoned by the developer for a new library that is not in Debian stable.
- many niche packages means security bugs due to poor (or unaudited / underused) code
Maybe popcon needs to be used to trim down the list of packages distributed in the release... Although releasing woody without mozilla would have been unacceptable, even though mozilla was pre-release software,