Bug#802159: New OpenSSL upstream version
On Tue, 20 Oct 2015, Don Armstrong wrote:
> On Sat, 17 Oct 2015, Kurt Roeckx wrote:
> > I've been waiting for the release team for a while to make a decision
> > on #765639 for a year now. Could you help in getting a decision?
> >
> > I've actually been waiting for longer than that, I can't directly find
> > all links, but previous discussions about it are at least:
> > https://lists.debian.org/debian-devel/2013/09/msg00466.html
> > https://lists.debian.org/debian-project/2013/12/msg00140.html
>
> Is there anything that it would be helpful for the technical committee
> to do here to help facilitate coming to a decision on this?
From discussions (briefly) on IRC:
<adsb> my general thoughts offhand are that new upstream versions in
stable always make me twitchy, new upstream versions that
introduce features or are sensitive / important packages more
so, new upstream versions that do both doubly. and we try and
avoid ending up saying no to people, which often ends up
actually making things worse as they linger (and we're not
doing that well at keeping up with the "easy" requests right
now)
So from what I'm gathering, this looks like a case where there aren't
enough eyeballs to adequately review this particular set of updates,
coupled with the importance of making sure that these updates are
correct and don't cause any unintended issues.
There was some discussion of whether a more concrete process might help
alleviate the time requirements of these reviews, but I think that's
something for the stable release managers (and other interested parties)
to hash out.
If there's something specific that you'd like the CTTE to try to do
beyond what I've just reported now, let me know.
--
Don Armstrong http://www.donarmstrong.com
Where I sleep at night, is this important compared to what I read
during the day? What do you think defines me? Where I slept or what I
did all day?
-- Thomas Van Orden of Van Orden v. Perry