
Re: bullseye / libgdbm6:amd64 is a catastrophe



On Fri, Aug 25, 2023 at 06:45:55AM -0400, PICCORO McKAY Lenz wrote:
>    this bug is not specific, the problem is that not all users report the
>    problems, just change the distro.. a normal tendency
>    in my case I downgraded to stretch and it just works.. upgrading is not
>    always the right choice

Just as fixing the bug is not always the right choice. As Sylvain noted
in another reply to Marc elsewhere in this thread, the LTS team tends to
trust the informed opinion of the maintainer. Since the maintainer is of
the opinion that a fix to this bug is a risk "since it could break other
installations that used to work well", the LTS team is not likely to
override that without abundant good reason.

>    it's pretty uncomfortable that an important bug will not be solved just cos
>    "it's not popular" (only happened to one user) inclusively being
>    catastrophic!

The problem is not that only 1 user reported the bug. Even if 100 or
1000 users reported having the same issue, we would still need to ask
the question, "what is the risk to fixing this?"

If that risk is too high, then the safer course of action is to allow
the bug to remain unfixed. It is not primarily a question of popularity,
because the LTS has at times fixed security issues that we are quite
confident affect only a single user. However, when an issue carries the
possibility of disruptive change to many users, the issue in question
must be of a severity to justify that risk. The maintainer seems to
think that is not the case here.

Additionally, as noted in the discussion in the bug and in this thread,
there are multiple workarounds/alternate solutions available. Please
make use of one of those if this particular bug affects your individual
use case. To claim that "because this bug affects me, it *must* be
fixed, even when it does not meet the criteria for a normal security bug
and when the maintainer thinks there is a risk of breaking working
configurations for other users" is somewhat inconsiderate of others and
shows a disregard for the rather robust process that we try to utilize
to ensure that we properly balance the needs of everyone involved.

Regards,

-Roberto
-- 
Roberto C. Sánchez

