
Re: More 5 november in the release schedule

On Wed, Nov 09, 2016 at 11:16:36AM +0800, Paul Wise wrote:
> On Wed, Nov 9, 2016 at 1:36 AM, Emilio Pozuelo Monfort wrote:
> > Right. We want auto-removals to be useful for the release process, so that we
> > don't end up with a thousand RC bugs in testing when we freeze, most of them
> > on packages that nobody cares about, not even their maintainers.
> >
> > However, we don't want auto-removals to drop your package behind your back. If
> > that happens, that's a bad thing and you should let us know so we can fix
> > things. auto-removals should notify the maintainer in advance, and only act
> > after a reasonable period of time.
> >
> > The "packages can't re-enter testing during the freeze" is an incentive so that
> > maintainers don't wait to fix a package after a few months, and so that we don't
> > have to go and remove them manually. This way you know that something is going
> > to happen if you don't act, yet you should have a reasonable amount of time to
> > do something. Hopefully this helps have a short(er) freeze, which is good for
> > everyone.
> FYI, it looks like at least buildd stuff (IIRC that uses dose3),
> rt.d.o, snapshot.d.o and the Debian VoIP services will need to remain
> on jessie until the affected packages reach stretch-backports

Is anyone tracking what packages are installed from backports on
Debian machines, and the CVEs in them?

Using backports without doing that would be irresponsible.

> as a
> result of the autoremovals stuff:
> https://lists.debian.org/debian-services-admin/2016/10/msg00002.html

Package removals from unstable are also a potential problem, example:

==> vogler.debian.org <==
New packages removed from Debian 'testing' (the maintainer might need help):
 - freeradius - https://tracker.debian.org/pkg/freeradius
 - freeradius-common - https://tracker.debian.org/pkg/freeradius
 - freeradius-utils - https://tracker.debian.org/pkg/freeradius
 - libfreeradius2 - https://tracker.debian.org/pkg/freeradius

The maintainer wanted to remove this package from *unstable*.

FreeRADIUS is popular enough that people noticed before an RM: bug was 
filed, and new maintainers were found immediately.
Other packages are not that popular.

If any packages needed on these Debian machines have been removed from 
unstable, they are not on your list.

This is the reason why an ITP/RM revolving door is creating huge 
headaches for users.



       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed
