[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Freeze Update!



Hello world,

As of the weekend just past we've finally obtained the legal advice we
needed to go about putting crypto in main. This was the final policy
issue I'd been waiting on to move the freeze onward, so, voila, the
freeze moves onward.

As of today, policy is frozen. Any further changes to packages need to
be made by unanimous agreement amongst all the maintainers the change
will affect.

Some important changes to debian-policy are documented at
	http://people.debian.org/~ajt/woody_policy_addenda.txt
These shouldn't affect most poeople directly, but I'd encourage you to
give it a quick skim.

Further, as of today, no new packages will be being added to base. This
especially means maintainers of base packages should definitely
avoid fiddling with their dependencies, or compiling against new
libraries. Additionally, base packages should *not* be bumping shlibs
versions from this point, under any circumstances (Hi BenC!).

The freeze goals as of now are to make sure standard, boot-floppies,
and debian-cd are releasable, and to fix up any remaining bugs in base.

Remaining RC base bugs are:

	console-data
		116022: broken on PPC (3 weeks old, patch)
	cyrus-sasl
		115708: FSH non-compliances (3 weeks old)
		118004: security bug (under a week old, patch)
	debianutils
		113453: poor behaviour of rotatelog (over a month old, not RC?)
	gcc-2.96
		115978: broken stringstream behaviour (3 weeks old)
	manpages
		90901: copyright doesn't list upstream source (7 months
		       old, patch)
	openldap2
		112499: remote crash bug in openldap (over a month old)
	pcmcia-cs
		109903: unresolved symbols (2.2.19-pmac)
		116479: user build problems; user error?
		116603: user build problems; not RC?
		97188: uninstallable (2.2.19-pmac)
	ppp
		117497: unversioned build-depends (a week old, patch)
	slang
		115376: slang-utf8 severely broken (four weeks old)
		118003: overflow bug with large windows (under a week, not RC?)
	util-linux
		118367: embedded ppc breaks util-linux (under a week, not RC?)

There are large numbers of non-RC bugs in base packages too, that should
be being worked on over the next couple of weeks if possible. The emphasis
is on making base packages *work* though, not on doing risky things that
will make them better in the long term.

Additionally, two new architectures, hppa and S/390 are having significant
problems: hppa's toolchain has been completely broken recently, but seems
like it will be fixed by the end of the week; and S/390 needs some support
in some packages due to its different environment compared to most ports:

	db2/db3
		114574: S/390 support (over a month old, patch)
	db3
		98918: S/390 support (over 5 months old, patch)
	openldap2
		98039: S/390 support (over 5 months old, patch)

hppa and S/390 will be dropped from woody if these aren't resolved in an
adequate amount of time.

Boot-floppies on some architectures are having issues with sysvinit and
glibc invoking "init q" when debootstrap unpacks them. This could be
a busybox bug (it appears to be giving it's init a PID other than 1),
or a sysvinit bug ("init q" possibly should be a no-op if PID 1 isn't
sysvinit's init), or it could need to be worked around in debootstrap
somehow (ensuring that /sbin/init is a no-op). See also bug 116829.

RC bugs in packages in standard and tasks are:

	apache
		113900: PHP and LDAP problems (over a month, help!)
		114826: PHP problems (almost a month, help!)
		117616: -dev package should Depend: on libdb2-dev (a week)
	cxterm
		94631: doesn't build on arm (6 months)
	gnuplot
		100612: includes some non-DFSG-free code (4 months)
	gpm
		85551,110112: libgpm segfaults if gpm not running (9 months)
		102031: format string bugs (4 months, security, patch)
		118033: doesn't cooperate with X (under a week, user error)
	kdeutils
		110707: doesn't build on alpha (2 months, not true?)
	libtool
		66135: LIBTOOL_IS_A_FOOL broken (16 months, fix available but
		       not uploaded or confirmed to work)
	lincity
		104852: missing build-depends (almost 4 months)
	mc
		103102: upgrade breaks due to old data in ~/.gnome (4 months)
		108375: gmc dies (over 2 months; not RC?)
		111142: gmc dies (2 months; Ximian bug)
		112235: gpm bug (see 85551)
	mime-support
		94869: security problems in run-mailcap (6 months, security, 
		       patch)
		115401: configuration ordering bug (almost a month)
	mutt
		118294: build-depends on non-US (fixed in non-US incoming?)
	openssh
		115228: built against bad libc (almost a month)
		117396: ssh dies (user error)
	pdl
		104630: doesn't build on hppa (over 3 months)
	plotutils
		111846: missing build-depends (almost 2 months)
	postgresql
		118362: upgrade breaks (a day)
	python-gnome
		118378: strange breakage (a day, not RC?)
	python-imaging
		117859: needs update to new python policy (under a week)
	python-ldap
		76717: doesn't work with openldap2 (almost 12 months)
	python-xml
		118442: needs update to new python policy (a day)
	strace
		117218: doesn't build on ppc (a week, will be fixed in glibc)
	tetex-base
		111284: non-DFSG-free files in tetex-extra (2 months)
		113899: install problem (1 month)
	tetex-bin
		117500: note needed in copyright file (under a week)

The deadlines, at this point, are that all the bugs in base packages
that are going to be fixed need to be fixed (and in testing) by Saturday
the 8th of December. If they're not correctly fixed and uploaded during
November, they probably won't make it. Similarly, standard packages,
tasks, boot-floppies and debian-cd need to be in a releasable state by
the same time.

Most of the bugs above have been around for a long time, and as such,
many of them will be just ignored if they're not fixed, making for a
substantially lower quality release than we might want or hope for.

To emphasise: if you want a pleasant, consistent, bug-free woody release,
please start looking at the bugs in your favourite packages and sending
the maintainer patches for them *now*. A number of the bugs above will
need some real analysis, not a five minute tweak. This coming weekend is
a bugsquash party, so hopefully many of the above will end up fixed soon.

Otherwise, we could have some hold ups due to archive maintenance issues
(implementing the necessary changes to support crypto-in-main and
woody-proposed-updates), however these are mostly implemented already,
and *should* be done in enough time: implementing technical solutions
is a lot easier and faster than finding an answer to political/legal
problems which've been the major hold up of late.

Our major risks at this point are no longer schedule related, but
quality related. Please help fixing bugs.

Cheers,
aj (woody release manager)

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

 "Security here. Yes, maam. Yes. Groucho glasses. Yes, we're on it.
   C'mon, guys. Somebody gave an aardvark a nose-cut: somebody who
    can't deal with deconstructionist humor. Code Blue."
		-- Mike Hoye,
		      see http://azure.humbug.org.au/~aj/armadillos.txt

Attachment: pgpP1syDDcGOX.pgp
Description: PGP signature


Reply to: