Hello world,
As of the weekend just past we've finally obtained the legal advice we
needed to go about putting crypto in main. This was the final policy
issue I'd been waiting on to move the freeze onward, so, voila, the
freeze moves onward.
As of today, policy is frozen. Any further changes to packages need to
be made by unanimous agreement amongst all the maintainers the change
will affect.
Some important changes to debian-policy are documented at
http://people.debian.org/~ajt/woody_policy_addenda.txt
These shouldn't affect most poeople directly, but I'd encourage you to
give it a quick skim.
Further, as of today, no new packages will be being added to base. This
especially means maintainers of base packages should definitely
avoid fiddling with their dependencies, or compiling against new
libraries. Additionally, base packages should *not* be bumping shlibs
versions from this point, under any circumstances (Hi BenC!).
The freeze goals as of now are to make sure standard, boot-floppies,
and debian-cd are releasable, and to fix up any remaining bugs in base.
Remaining RC base bugs are:
console-data
116022: broken on PPC (3 weeks old, patch)
cyrus-sasl
115708: FSH non-compliances (3 weeks old)
118004: security bug (under a week old, patch)
debianutils
113453: poor behaviour of rotatelog (over a month old, not RC?)
gcc-2.96
115978: broken stringstream behaviour (3 weeks old)
manpages
90901: copyright doesn't list upstream source (7 months
old, patch)
openldap2
112499: remote crash bug in openldap (over a month old)
pcmcia-cs
109903: unresolved symbols (2.2.19-pmac)
116479: user build problems; user error?
116603: user build problems; not RC?
97188: uninstallable (2.2.19-pmac)
ppp
117497: unversioned build-depends (a week old, patch)
slang
115376: slang-utf8 severely broken (four weeks old)
118003: overflow bug with large windows (under a week, not RC?)
util-linux
118367: embedded ppc breaks util-linux (under a week, not RC?)
There are large numbers of non-RC bugs in base packages too, that should
be being worked on over the next couple of weeks if possible. The emphasis
is on making base packages *work* though, not on doing risky things that
will make them better in the long term.
Additionally, two new architectures, hppa and S/390 are having significant
problems: hppa's toolchain has been completely broken recently, but seems
like it will be fixed by the end of the week; and S/390 needs some support
in some packages due to its different environment compared to most ports:
db2/db3
114574: S/390 support (over a month old, patch)
db3
98918: S/390 support (over 5 months old, patch)
openldap2
98039: S/390 support (over 5 months old, patch)
hppa and S/390 will be dropped from woody if these aren't resolved in an
adequate amount of time.
Boot-floppies on some architectures are having issues with sysvinit and
glibc invoking "init q" when debootstrap unpacks them. This could be
a busybox bug (it appears to be giving it's init a PID other than 1),
or a sysvinit bug ("init q" possibly should be a no-op if PID 1 isn't
sysvinit's init), or it could need to be worked around in debootstrap
somehow (ensuring that /sbin/init is a no-op). See also bug 116829.
RC bugs in packages in standard and tasks are:
apache
113900: PHP and LDAP problems (over a month, help!)
114826: PHP problems (almost a month, help!)
117616: -dev package should Depend: on libdb2-dev (a week)
cxterm
94631: doesn't build on arm (6 months)
gnuplot
100612: includes some non-DFSG-free code (4 months)
gpm
85551,110112: libgpm segfaults if gpm not running (9 months)
102031: format string bugs (4 months, security, patch)
118033: doesn't cooperate with X (under a week, user error)
kdeutils
110707: doesn't build on alpha (2 months, not true?)
libtool
66135: LIBTOOL_IS_A_FOOL broken (16 months, fix available but
not uploaded or confirmed to work)
lincity
104852: missing build-depends (almost 4 months)
mc
103102: upgrade breaks due to old data in ~/.gnome (4 months)
108375: gmc dies (over 2 months; not RC?)
111142: gmc dies (2 months; Ximian bug)
112235: gpm bug (see 85551)
mime-support
94869: security problems in run-mailcap (6 months, security,
patch)
115401: configuration ordering bug (almost a month)
mutt
118294: build-depends on non-US (fixed in non-US incoming?)
openssh
115228: built against bad libc (almost a month)
117396: ssh dies (user error)
pdl
104630: doesn't build on hppa (over 3 months)
plotutils
111846: missing build-depends (almost 2 months)
postgresql
118362: upgrade breaks (a day)
python-gnome
118378: strange breakage (a day, not RC?)
python-imaging
117859: needs update to new python policy (under a week)
python-ldap
76717: doesn't work with openldap2 (almost 12 months)
python-xml
118442: needs update to new python policy (a day)
strace
117218: doesn't build on ppc (a week, will be fixed in glibc)
tetex-base
111284: non-DFSG-free files in tetex-extra (2 months)
113899: install problem (1 month)
tetex-bin
117500: note needed in copyright file (under a week)
The deadlines, at this point, are that all the bugs in base packages
that are going to be fixed need to be fixed (and in testing) by Saturday
the 8th of December. If they're not correctly fixed and uploaded during
November, they probably won't make it. Similarly, standard packages,
tasks, boot-floppies and debian-cd need to be in a releasable state by
the same time.
Most of the bugs above have been around for a long time, and as such,
many of them will be just ignored if they're not fixed, making for a
substantially lower quality release than we might want or hope for.
To emphasise: if you want a pleasant, consistent, bug-free woody release,
please start looking at the bugs in your favourite packages and sending
the maintainer patches for them *now*. A number of the bugs above will
need some real analysis, not a five minute tweak. This coming weekend is
a bugsquash party, so hopefully many of the above will end up fixed soon.
Otherwise, we could have some hold ups due to archive maintenance issues
(implementing the necessary changes to support crypto-in-main and
woody-proposed-updates), however these are mostly implemented already,
and *should* be done in enough time: implementing technical solutions
is a lot easier and faster than finding an answer to political/legal
problems which've been the major hold up of late.
Our major risks at this point are no longer schedule related, but
quality related. Please help fixing bugs.
Cheers,
aj (woody release manager)
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
"Security here. Yes, maam. Yes. Groucho glasses. Yes, we're on it.
C'mon, guys. Somebody gave an aardvark a nose-cut: somebody who
can't deal with deconstructionist humor. Code Blue."
-- Mike Hoye,
see http://azure.humbug.org.au/~aj/armadillos.txt
Attachment:
pgpsJRk3WNgw4.pgp
Description: PGP signature