Hi Bas, * Bas Wijnen <email@example.com> [2008-04-24 23:34]: > We (Bas Wijnen, Lucas Nussbaum) worked on a Debian Enhancement > Proposal on the policies and workflows for Non Maintainer Uploads > (NMUs). > > The main purpose of the proposal is: > * to explicitely allow fixing bugs of severity lower than important in > NMUs. > * to encourage the use of the DELAYED queue. > * to try to encourage a responsible approach for NMUs, instead of an > approach based on strict rules. [...] What about introducing a special case regarding the waiting period before uploading an NMU for security bugs? There are often cases in which we already have a patch handy to fix a security issue but still wait a few days on the maintainers reaction. The 0-day NMU rules at the moment are already helpful here but I also consider 7 days of waiting period as unacceptable for security fixes and not all maintainers are on the Low-Treshold-NMU list. Kind regards Nico -- Nico Golde - http://www.ngolde.de - firstname.lastname@example.org - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Description: PGP signature