[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Freeze Update!

Hello world,

As of the weekend just past we've finally obtained the legal advice we
needed to go about putting crypto in main. This was the final policy
issue I'd been waiting on to move the freeze onward, so, voila, the
freeze moves onward.

As of today, policy is frozen. Any further changes to packages need to
be made by unanimous agreement amongst all the maintainers the change
will affect.

Some important changes to debian-policy are documented at
These shouldn't affect most poeople directly, but I'd encourage you to
give it a quick skim.

Further, as of today, no new packages will be being added to base. This
especially means maintainers of base packages should definitely
avoid fiddling with their dependencies, or compiling against new
libraries. Additionally, base packages should *not* be bumping shlibs
versions from this point, under any circumstances (Hi BenC!).

The freeze goals as of now are to make sure standard, boot-floppies,
and debian-cd are releasable, and to fix up any remaining bugs in base.

Remaining RC base bugs are:

		116022: broken on PPC (3 weeks old, patch)
		115708: FSH non-compliances (3 weeks old)
		118004: security bug (under a week old, patch)
		113453: poor behaviour of rotatelog (over a month old, not RC?)
		115978: broken stringstream behaviour (3 weeks old)
		90901: copyright doesn't list upstream source (7 months
		       old, patch)
		112499: remote crash bug in openldap (over a month old)
		109903: unresolved symbols (2.2.19-pmac)
		116479: user build problems; user error?
		116603: user build problems; not RC?
		97188: uninstallable (2.2.19-pmac)
		117497: unversioned build-depends (a week old, patch)
		115376: slang-utf8 severely broken (four weeks old)
		118003: overflow bug with large windows (under a week, not RC?)
		118367: embedded ppc breaks util-linux (under a week, not RC?)

There are large numbers of non-RC bugs in base packages too, that should
be being worked on over the next couple of weeks if possible. The emphasis
is on making base packages *work* though, not on doing risky things that
will make them better in the long term.

Additionally, two new architectures, hppa and S/390 are having significant
problems: hppa's toolchain has been completely broken recently, but seems
like it will be fixed by the end of the week; and S/390 needs some support
in some packages due to its different environment compared to most ports:

		114574: S/390 support (over a month old, patch)
		98918: S/390 support (over 5 months old, patch)
		98039: S/390 support (over 5 months old, patch)

hppa and S/390 will be dropped from woody if these aren't resolved in an
adequate amount of time.

Boot-floppies on some architectures are having issues with sysvinit and
glibc invoking "init q" when debootstrap unpacks them. This could be
a busybox bug (it appears to be giving it's init a PID other than 1),
or a sysvinit bug ("init q" possibly should be a no-op if PID 1 isn't
sysvinit's init), or it could need to be worked around in debootstrap
somehow (ensuring that /sbin/init is a no-op). See also bug 116829.

RC bugs in packages in standard and tasks are:

		113900: PHP and LDAP problems (over a month, help!)
		114826: PHP problems (almost a month, help!)
		117616: -dev package should Depend: on libdb2-dev (a week)
		94631: doesn't build on arm (6 months)
		100612: includes some non-DFSG-free code (4 months)
		85551,110112: libgpm segfaults if gpm not running (9 months)
		102031: format string bugs (4 months, security, patch)
		118033: doesn't cooperate with X (under a week, user error)
		110707: doesn't build on alpha (2 months, not true?)
		66135: LIBTOOL_IS_A_FOOL broken (16 months, fix available but
		       not uploaded or confirmed to work)
		104852: missing build-depends (almost 4 months)
		103102: upgrade breaks due to old data in ~/.gnome (4 months)
		108375: gmc dies (over 2 months; not RC?)
		111142: gmc dies (2 months; Ximian bug)
		112235: gpm bug (see 85551)
		94869: security problems in run-mailcap (6 months, security, 
		115401: configuration ordering bug (almost a month)
		118294: build-depends on non-US (fixed in non-US incoming?)
		115228: built against bad libc (almost a month)
		117396: ssh dies (user error)
		104630: doesn't build on hppa (over 3 months)
		111846: missing build-depends (almost 2 months)
		118362: upgrade breaks (a day)
		118378: strange breakage (a day, not RC?)
		117859: needs update to new python policy (under a week)
		76717: doesn't work with openldap2 (almost 12 months)
		118442: needs update to new python policy (a day)
		117218: doesn't build on ppc (a week, will be fixed in glibc)
		111284: non-DFSG-free files in tetex-extra (2 months)
		113899: install problem (1 month)
		117500: note needed in copyright file (under a week)

The deadlines, at this point, are that all the bugs in base packages
that are going to be fixed need to be fixed (and in testing) by Saturday
the 8th of December. If they're not correctly fixed and uploaded during
November, they probably won't make it. Similarly, standard packages,
tasks, boot-floppies and debian-cd need to be in a releasable state by
the same time.

Most of the bugs above have been around for a long time, and as such,
many of them will be just ignored if they're not fixed, making for a
substantially lower quality release than we might want or hope for.

To emphasise: if you want a pleasant, consistent, bug-free woody release,
please start looking at the bugs in your favourite packages and sending
the maintainer patches for them *now*. A number of the bugs above will
need some real analysis, not a five minute tweak. This coming weekend is
a bugsquash party, so hopefully many of the above will end up fixed soon.

Otherwise, we could have some hold ups due to archive maintenance issues
(implementing the necessary changes to support crypto-in-main and
woody-proposed-updates), however these are mostly implemented already,
and *should* be done in enough time: implementing technical solutions
is a lot easier and faster than finding an answer to political/legal
problems which've been the major hold up of late.

Our major risks at this point are no longer schedule related, but
quality related. Please help fixing bugs.

aj (woody release manager)

Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

 "Security here. Yes, maam. Yes. Groucho glasses. Yes, we're on it.
   C'mon, guys. Somebody gave an aardvark a nose-cut: somebody who
    can't deal with deconstructionist humor. Code Blue."
		-- Mike Hoye,
		      see http://azure.humbug.org.au/~aj/armadillos.txt

Attachment: pgptiwv5Imeqv.pgp
Description: PGP signature

Reply to: