Re: virtualbox, backports, and fasttrack

To: Pirate Praveen <praveen@onenetbeyond.org>
Cc: debian-devel@lists.debian.org, debian-backports@lists.debian.org
Subject: Re: virtualbox, backports, and fasttrack
From: Jonathan Nieder <jrnieder@gmail.com>
Date: Sun, 1 Dec 2019 16:38:13 -0800
Message-id: <[🔎] 20191202003813.GA53103@gmail.com>
In-reply-to: <1570200774.8610.0@onenetbeyond.org>
References: <20191002195818.GA22649@xanadu.blop.info> <3e2b5453-c447-ae06-396e-0bf11c28f4a3@bzed.de> <1570200774.8610.0@onenetbeyond.org>

Hi,

Pirate Praveen wrote:
> On Wed, Oct 2, 2019 at 23:23, Bernd Zeimetz <bernd@bzed.de> wrote:
>> Hi Lucaus,

>>> I hope that <http://fasttrack.debian.net/> will make quick
>>> progress and turn into an official service soon.
>>
>> basically a good idea, but
>
> I'm part of the Fast Track team and I'll try to answer your questions.

Thanks much for this.  I'm excited to see the idea moving forward.

>> - what are your requirements for packages that are being uploaded there?
>
> buster-fasttrack suite:
>
> If a package cannot be part of a stable release because we cannot provide
> security updates for the entire stable lifecylce then that package cannot be
> in testing or backports. Those packages get security updates along with new
> upstream versions and such software can be in FastTrack.

Does the package need to be in unstable or experimental to be in
fasttrack?  Or can I upload a package to fasttrack without being in
Debian at all?

(Asking in order to better understand how this works.  My first guess
would have been "has to be in unstable or experimental".  Looking at
the mailing list post you linked to, it's "has to be in unstable",
which seems reasonable enough, I suppose.)

> We have not really thought about removals yet (probably we have not reached
> that stage yet as we only have one package there ie, gitlab and it is
> maintained well.). But we could follow the same rules as testing and
> backports (except for the meta rc bug that is present only to prevent
> testing migration).

Who should I contact if I need to remove a package?  E.g. is there a
request tracker queue or debbugs virtual package for this?

What are the criteria for being able to upload?  Is there a keyring
for developers who can upload to fasttrack?

Where should users report bugs?  (My preference would be "all packages
in fasttrack are uploaded by members of the packaging team for the
corresponding package in unstable, and bug reports are accepted in the
ordinary bug tracking system".)

What user-facing recommendations are provided?  If a user wants to
stop using fasttrack, can they upgrade to unstable and remove
fasttrack from sources.list?  Can packages in fasttrack depend on
other packages in fasttrack, or only on packages in stable +
stable-backports?

Is there a mailing list for day-to-day discussion?

> Secutity issues are fixed by uploading new upstream releases.

What architectures are supported?  Are there autobuilders available?
Is there a way to build releases with an embargoed security fix in
secret?  (It's fine if the answer is "no".)  Is there a way to upload
binary packages to avoid waiting for autobuilders to act on a security
release?  Is there an announcement list for uploads addressing
security issues?

Thanks,
Jonathan

Reply to:

Follow-Ups:
- Re: virtualbox, backports, and fasttrack
  - From: Pirate Praveen <praveen@onenetbeyond.org>

Next by Date: Re: virtualbox, backports, and fasttrack
Next by thread: Re: virtualbox, backports, and fasttrack
Index(es):
- Date
- Thread