Re: Bashing rude users does not fix bugs they report.

To: debian-devel@lists.debian.org
Subject: Re: Bashing rude users does not fix bugs they report.
From: Charles Plessy <charles-debian-nospam@plessy.org>
Date: Mon, 4 Sep 2006 10:00:14 +0900
Message-id: <[🔎] 20060904010014.GA10460@kunpuu.plessy.org>
Reply-to: charles-debian-nospam@plessy.org
In-reply-to: <[🔎] 20060903090639.GB5651@mauritius.dodds.net>
References: <[🔎] 20060903090639.GB5651@mauritius.dodds.net>

Le Sun, Sep 03, 2006 at 04:06:39AM -0500, Steve Langasek a écrit :
> On Sat, Sep 02, 2006 at 10:31:21PM +0900, Charles Plessy wrote:
> > here is a summary of what happened:
> 
> > - A security update of Sarge broke programs, some being shipped in
> >   Sarge, some being installed by the users from other sources.
> 
> > - The problem was quickly reported, and a fix was made.
> 
> > - Unfortunately, it was not released during aproximately two months.
> 
> > - A user complained on -devel.
> 
> > - It was realised by the appropriate persons that the fix was forgetten
> >   for two months.
> 
> Incorrect.  a) the bug was never forgotten; b) the longest delay in my
> discussion with the security team was around 3 weeks, which regardless of
> whether this should be acceptable is != 2 months.

Dear Steve,

Let's take the point of view of the user, who sees only the part of your
discussion with the security team which is visible on the BTS:

- There is a security fix on a package the 10th of June.

- It is reported the 11th of June that it breaks OOo2; reports that it
  breaks applications supported by Debian stable follow.

- The maintainer of the package releases a fix for the regression on the
  14th of June on his people.d.o page.

=> From the point of view of the user, the bug was technically fixed
   within 4 days. The rest of the delay is, say "infrastructural".

- After being confirmed that the fix was effective, the package
  maintainer contacts the security team the 15h of June.

- Nothing happens for 10 days. The package maintainer re-contacts the
  security team the 25th of June. The package is uploaded to
  security.d.o on the 26th.

- The 7th of July, it is reported that the package is lost.

- The 1st of August, a user reports that Sarge is still suffering of
  this bug.

- Nothing happens for more that two weeks. Other users ask for the bug
  to be fixed, but there was no answer from Debian developers.

- The 17th of August, the user who complained on the 1st August
  complains again, but on -devel, and threatening to leave Debian for
  Ubuntu.

- The 19th of August, a new version of the fixed package is uploaded to
  the security team.

- The 1th of September, the bug is officially fixed, because the new
  package is part of the 3rd revision of Sarge.

=> With a few drops of cynicism, the morale of the story is that noting
   will happen if you do not cry out loud on -devel that you will switch to
   Ubuntu.

We all know that it is wrong, and you confirmed that the correlation in
the dates happened just by chance. But the point of my messages was that
when a user complains on -devel about broken software which is not
supported by Debian, although it seems to make sense to tell him that
Debian can not solve all of his computer problems, it is safer to check
before that there nothing wrong happening which could have induced this
user to calm his nerves on -devel.

You are right that there has never been a lapse of more than three
weeks. But there have been multiple lapses which total a bit more that
six weeks, and the delay for pushing the fixed package in Sarge is
approximately two months and two weeks. I can understand that users who
had their system broken by a security update become angry after two
months in which Debian is not *apparently* in a hurry to repair what was
broken.

Please do not take this as a blunt criticism to the security.d.o team
or the package maintainer. I am just saying that if people do see only
the problems and the delays, and not the hard work behind, they will
have the impression that Debian does not care.

I already suggested to dedicate a few square centimeters of the homepage
to "crisis communication". I do not think that it necessary requires a
person in charge, especially as it is a sensitive subject: if there is
crisis communication to do, it means that something wrong happened *in
the hands of somebody*. But package maintainers could benefit from
having a space in which they can communicate with their users when
something is prevented to be fixed in the classical way. (that space
could also take the shape of a header on top of bug reports, for
instance, there are many possible variations on the theme...)

Have a nice day,

-- 
Charles Plessy
http://charles.plessy.org
Wako, Saitama, Japan

Reply to:

References:
- Re: Bashing rude users does not fix bugs they report.
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Re: Thanks for the work
Next by Date: [PATCH] fix for fglrx driver package builds
Previous by thread: Re: Bashing rude users does not fix bugs they report.
Next by thread: Re: Why does Ubuntu have all the ideas?
Index(es):
- Date
- Thread