Re: DEX ancient-patches: where the rubber meets the road
- To: Stefano Zacchiroli <zack@debian.org>
- Cc: debian-derivatives@lists.debian.org, Allison Randal <allison@canonical.com>, Amaya Rodrigo Sastre <amaya@debian.org>, Andrew Mitchell <ajmitch@debian.org>, Andrew Starr-Bochicchio <andrewsomething@ubuntu.com>, Bilal Akhtar <bilalakhtar@ubuntu.com>, David Paleino <dapal@debian.org>, Jeremiah Foster <jeremiah@jeremiahfoster.com>, Micah Gersten <micahg@ubuntu.com>, Nathan Handler <nhandler@ubuntu.com>, Steve Langasek <vorlon@debian.org>, Colin Watson <cjwatson@debian.org>, James Westby <jw+debian@jameswestby.net>
- Subject: Re: DEX ancient-patches: where the rubber meets the road
- From: Matt Zimmerman <mdz@canonical.com>
- Date: Wed, 13 Apr 2011 09:20:40 +0100
- Message-id: <20110413082040.GH6343@alcor.net>
- Mail-followup-to: Matt Zimmerman <mdz@canonical.com>, Stefano Zacchiroli <zack@debian.org>, debian-derivatives@lists.debian.org, Allison Randal <allison@canonical.com>, Amaya Rodrigo Sastre <amaya@debian.org>, Andrew Mitchell <ajmitch@debian.org>, Andrew Starr-Bochicchio <andrewsomething@ubuntu.com>, Bilal Akhtar <bilalakhtar@ubuntu.com>, David Paleino <dapal@debian.org>, Jeremiah Foster <jeremiah@jeremiahfoster.com>, Micah Gersten <micahg@ubuntu.com>, Nathan Handler <nhandler@ubuntu.com>, Steve Langasek <vorlon@debian.org>, Colin Watson <cjwatson@debian.org>, James Westby <jw+debian@jameswestby.net>
- In-reply-to: <20110410091807.GA32548@upsilon.cc>
- References: <20110330134211.GB4562@alcor.net> <20110403093923.GA9725@upsilon.cc> <20110409074001.GF2349@alcor.net> <20110410091807.GA32548@upsilon.cc>
On Sun, Apr 10, 2011 at 11:18:07AM +0200, Stefano Zacchiroli wrote:
> On Sat, Apr 09, 2011 at 08:40:01AM +0100, Matt Zimmerman wrote:
> > > Have those bugs being user tagged in addition to collected on the status
> > > page? While it might seem duplicate work to do so as well, usertagging
> > > would allow to query the status of bugs pertaining to a specific project
> > > using either the SOAP interface or UDD. The latter would be particularly
> > > useful for QA initiatives, which might want to use DEX gathered data to
> > > spot, for instance, unmaintained packages.
> >
> > No, I don't think this particular set of bugs has been usertagged yet.
>
> Done now (with a bit more gymnastic than expected, given some bug needed
> unarchiving). The overview page is at:
>
> http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=debian-derivatives@lists.debian.org;tag=dex-ubuntu-ancient-patches
>
> Can you link it from somewhere on the page of the ancient-patches
> initiatives (more as a template for the future than as actually needed
> at this point ...)
Thanks for taking care of this. I've added a link to
http://dex.alioth.debian.org/ubuntu/ancient-patches/
> In the specific case you mention (dhcp, #308832), the maintainer also
> replied about the merits of the patch, saying that he has a policy to
> stay close to upstream, whereas the proposed patch will make him drift
> from that policy. You clearly have a different view and believe that the
> benefits of applying that patch in terms of security justify drifting
> from maintainer policy. If anyone, DEX or not, feels strongly about the
> position you're advocating, the proper solution would be to activate the
> CTTE. An usual middle ground could be raising the topic on -devel, to
> gather opinions from others.
I believe that in this case, the combined benefits of security for Debian
users, and reduced delta with Ubuntu, outweigh the costs of carrying the
patch.
Given that the package in question already carries 10 patches with over
5,000 lines of changes, this additional 10-line patch should have virtually
no effect on ongoing package maintenance.
I will continue the dialog with the maintainer about it before taking the
discussion to any other audience.
> All this is part of the reason why I believe a killer feature DEX
> initiatives should have is the ability to keep track, in the long run, of
> the status of every single delta and of corresponding "next actions" /
> "reminders". By the way, I fully understand how all this can be perceived
> as frustrating and I'm not hiding the fact that it's less efficient than
> being able to just do things. But we still need to work by the rules and
> propose stepwise improvements to those rules where needed.
It is definitely useful to be able to keep track of these tasks, but I
believe the most important principle for DEX is to *get them done*. Where
we must choose between expending energy on bookkeeping, or on merging, we
should (in my opinion) generally choose the latter.
I would go so far as to say that if the result of DEX is primarily a list of
outstanding tasks, which are queued waiting for Debian maintainers to act,
then DEX will be a failure in my eyes.
There is already a list of hundreds of such tasks here:
http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ubuntu-patch;users=ubuntu-devel@lists.ubuntu.com
which is growing steadily, along with the delta between Debian and Ubuntu.
Our mission is to reverse that trend.
> > I think that at this point, we should start working on an updated package
> > for sysklogd. There is some work to be done to extract the updated patch
> > from Ubuntu, and package it for Debian. That work will be useful if the
> > maintainer responds, or for a delayed NMU, so it seems worth doing.
> >
> > Would any of our volunteers be willing to help with this task?
>
> I agree that preparing a delayed NMU would be appropriate in this case.
> (Unfortunately I cannot volunteer myself for doing that ATM.)
I cannot do this myself as I do not have upload privileges in Debian, and
need help from someone who can upload packages on behalf of DEX.
> > I think that doing uploads is well within the scope of DEX, where this will
> > improve Debian and reduce the delta with a derivative.
>
> I'll be more than happy about having NMUs within the scope of DEX! In
> fact, that would be a very concrete step in closing deltas.
Agreed. Let's get started on our first one. :-)
--
- mdz
Reply to: