Re: Please review announcement of upcoming release of Debian 4.0r4 "etch-and-a-half"

To: debian-publicity@lists.debian.org, debian-boot@lists.debian.org
Subject: Re: Please review announcement of upcoming release of Debian 4.0r4 "etch-and-a-half"
From: Frans Pop <elendil@planet.nl>
Date: Mon, 28 Jul 2008 02:57:09 +0200
Message-id: <[🔎] 200807280257.10128.elendil@planet.nl>
In-reply-to: <[🔎] 20080727180944.GB12423@kodama.kitenet.net>
References: <[🔎] 488B3394.9050509@schmehl.info> <[🔎] 20080727102012.GA4353@galadriel.inutil.org> <[🔎] 20080727180944.GB12423@kodama.kitenet.net>

On Sunday 27 July 2008, Joey Hess wrote:
> I'm sorry that this is late, but the announcement has a rather
> disturbing number of problems.

There's also an issue with the D-I section. The fact that ssh was used 
with network-console was the reason why d-i needed a rebuild, but the 
announcement should also have mentioned that using older CDs will result 
in vulnerable host keys being generated when openssh-client is initially 
installed from CD [1] and that that is also fixed with the new release.

I also feel a reference to the relevant DSA would have been appropriate.

IMO with these omissions Joey's earlier suggestion [2] of a special DSA 
about all this does make a lot of sense. Someone else will have to take 
the initiative for that though.

I'm sorry that I wasn't available to comment this weekend, but the info I 
had was (from #d-cd on Wednesday):
22:52:53 <zobel>: Sledge: planing for r4 is, that Ganneff and me are doing 
it after 7:52pm install run on friday.
22:53:50 > fjp: zobel: Did you add D-I stuff in you planning/ToDo list?
22:54:54 <zobel>: fjp: yes. i will contact you tomorrow evening about the 
text for the press release.
22:55:20 <zobel>: need to clarify a few things first. eg. who is sending 
out the announcement

I'd already reminded Martin of the need to coordinate the announcement 
earlier (and it is in the SRM checklist [3]).

The first actual pings I got to review the RN were on Saturday (from 
#d-boot):
14:39:54 <Tolimar>: fjp`: I got a first draft of the etch-and-a-half 
announcement ready at http://people.debian.org/~tolimar/tmp/ .  Could you 
please have a look at it?

Given that the release was planned for Friday and Martin was going to 
contact me on Thursday I really do not see how I should have known I 
should have planned on being available on Saturday and Sunday as well.
As it happened I was not. Guess that's the risk when things are left until 
the very last minute, especially if you _know_ you need input from 
others.

I don't know how the communication between RT and d-publicity has been, so 
I also don't know if/how things could have been started up sooner. From 
my PoV it's primarily the job of the RT to make sure things get started 
up early enough to allow for needed coordination/reviews/translation.

Cheers,
FJP

[1] If a security mirror is used this will almost immediately fixed, but 
still.
[2] http://bugs.debian.org/491263#29
[3] http://wiki.debian.org/Teams/ReleaseManager/PointReleaseCheckList

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Follow-Ups:
- Re: Please review announcement of upcoming release of Debian 4.0r4 "etch-and-a-half"
  - From: Martin Zobel-Helas <zobel@ftbfs.de>

References:
- Please review announcement of upcoming release of Debian 4.0r4 "etch-and-a-half"
  - From: Alexander Reichle-Schmehl <alexander@schmehl.info>
- Re: Please review announcement of upcoming release of Debian 4.0r4 "etch-and-a-half"
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Re: Please review announcement of upcoming release of Debian 4.0r4 "etch-and-a-half"
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Bug#274695: not going to happen
Next by Date: Re: freeze exception for cryptsetup 1.0.6-4
Previous by thread: Re: Please review announcement of upcoming release of Debian 4.0r4 "etch-and-a-half"
Next by thread: Re: Please review announcement of upcoming release of Debian 4.0r4 "etch-and-a-half"
Index(es):
- Date
- Thread