Re: debian security archive/updates b0rken???

To: debian-devel@lists.debian.org, debian-admin@lists.debian.org, debian-security@lists.debian.org, team@security.debian.org
Subject: Re: debian security archive/updates b0rken???
From: Martin Schulze <joey@infodrom.org>
Date: Wed, 29 Jun 2005 12:34:55 +0200
Message-id: <[🔎] 20050629103454.GI9098@finlandia.infodrom.north.de>
In-reply-to: <[🔎] 20050619064529.GG8575@mauritius.dodds.net>
References: <[🔎] 20050619043123.GA19175@seanius.net> <[🔎] 20050619064529.GG8575@mauritius.dodds.net>

Steve Langasek wrote:
> On Sun, Jun 19, 2005 at 12:31:23AM -0400, sean finney wrote:
> > please excuse this blatant cross-posting, i wouldn't do it if i didn't
> > think it were critical that i do so...
> 
> > http://www.infodrom.org/~joey/log/?200506142140
> 
> > say it isn't so!
> 
> It isn't so.  It's true that the design of sbuild/wanna-build means there
> were no autobuilders available for stable-security at the moment of sarge's
> release, but there was already work in progress to fix this by the time that
> blog entry was posted, and the claim that "it looks like we'll be without
> security updates for quite a while" caused no small amount of consternation.

To avoid confusion, feel free to keep the security in the loop and send
updates to them.

FWIW: Up to today (still 8000 mails to go, though, there's a small
chance that an answer is within them), I still don't know what to
to with the updates to crip, bzip2, cvs and ht, that were in the
queue at the time sarge was released.  I asked both Ryan and the
ftpmaster team, without receiving an answer, hence the security
team can only assume that the status from the time sarge was released
is still true: security.debian.org broken.

I don't like abusing my root permission to fix areas where I shouldn't
intervene, hence I'm trying to avoid this on security.debian.org as
well.

> TTBOMK, there is now again a full complement of stable-security autobuilders
> available on 11 archs, and autobuilders for testing-security on 10/11 archs.

Good.

> It doesn't look like the security team has issued any DSAs since then,

Because they sent inquiries about the situation and haven't yet received
a note that everything is fine again and how to proceed with the updates
already in the queue.

> though they may have done uploads that haven't yet been published (I
> wouldn't know, not having access to look on klecker).

No uploads have been made since the release of sarge, because the archive
is broken.  What you could have seen was made before the release of sarge.
I have had prepared more than half a dozen uploads but did not upload them,
though.

I've uploaded a few packages now to find out if it's working again.
I don't expect the next DSAs to work properly, though.

Regards,

	Joey

-- 
GNU does not eliminate all the world's problems, only some of them.
                                                -- The GNU Manifesto

Please always Cc to me when replying to me on the lists.

Reply to:

References:
- debian security archive/updates b0rken???
  - From: sean finney <seanius@debian.org>
- Re: debian security archive/updates b0rken???
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Re: Bad press related to (missing) Debian security - action
Next by Date: Re: sudo fix
Previous by thread: Re: debian security archive/updates b0rken???
Next by thread: Wow..Mens Love This ZL
Index(es):
- Date
- Thread