Re: Bashing rude users does not fix bugs they report.
Le Sun, Sep 03, 2006 at 04:06:39AM -0500, Steve Langasek a écrit :
> On Sat, Sep 02, 2006 at 10:31:21PM +0900, Charles Plessy wrote:
> > here is a summary of what happened:
>
> > - A security update of Sarge broke programs, some being shipped in
> > Sarge, some being installed by the users from other sources.
>
> > - The problem was quickly reported, and a fix was made.
>
> > - Unfortunately, it was not released during aproximately two months.
>
> > - A user complained on -devel.
>
> > - It was realised by the appropriate persons that the fix was forgetten
> > for two months.
>
> Incorrect. a) the bug was never forgotten; b) the longest delay in my
> discussion with the security team was around 3 weeks, which regardless of
> whether this should be acceptable is != 2 months.
Dear Steve,
Let's take the point of view of the user, who sees only the part of your
discussion with the security team which is visible on the BTS:
- There is a security fix on a package the 10th of June.
- It is reported the 11th of June that it breaks OOo2; reports that it
breaks applications supported by Debian stable follow.
- The maintainer of the package releases a fix for the regression on the
14th of June on his people.d.o page.
=> From the point of view of the user, the bug was technically fixed
within 4 days. The rest of the delay is, say "infrastructural".
- After being confirmed that the fix was effective, the package
maintainer contacts the security team the 15h of June.
- Nothing happens for 10 days. The package maintainer re-contacts the
security team the 25th of June. The package is uploaded to
security.d.o on the 26th.
- The 7th of July, it is reported that the package is lost.
- The 1st of August, a user reports that Sarge is still suffering of
this bug.
- Nothing happens for more that two weeks. Other users ask for the bug
to be fixed, but there was no answer from Debian developers.
- The 17th of August, the user who complained on the 1st August
complains again, but on -devel, and threatening to leave Debian for
Ubuntu.
- The 19th of August, a new version of the fixed package is uploaded to
the security team.
- The 1th of September, the bug is officially fixed, because the new
package is part of the 3rd revision of Sarge.
=> With a few drops of cynicism, the morale of the story is that noting
will happen if you do not cry out loud on -devel that you will switch to
Ubuntu.
We all know that it is wrong, and you confirmed that the correlation in
the dates happened just by chance. But the point of my messages was that
when a user complains on -devel about broken software which is not
supported by Debian, although it seems to make sense to tell him that
Debian can not solve all of his computer problems, it is safer to check
before that there nothing wrong happening which could have induced this
user to calm his nerves on -devel.
You are right that there has never been a lapse of more than three
weeks. But there have been multiple lapses which total a bit more that
six weeks, and the delay for pushing the fixed package in Sarge is
approximately two months and two weeks. I can understand that users who
had their system broken by a security update become angry after two
months in which Debian is not *apparently* in a hurry to repair what was
broken.
Please do not take this as a blunt criticism to the security.d.o team
or the package maintainer. I am just saying that if people do see only
the problems and the delays, and not the hard work behind, they will
have the impression that Debian does not care.
I already suggested to dedicate a few square centimeters of the homepage
to "crisis communication". I do not think that it necessary requires a
person in charge, especially as it is a sensitive subject: if there is
crisis communication to do, it means that something wrong happened *in
the hands of somebody*. But package maintainers could benefit from
having a space in which they can communicate with their users when
something is prevented to be fixed in the classical way. (that space
could also take the shape of a header on top of bug reports, for
instance, there are many possible variations on the theme...)
Have a nice day,
--
Charles Plessy
http://charles.plessy.org
Wako, Saitama, Japan
Reply to: