Re: libc6_2.0.7r-3 considered harmful
> While I agree, the current management of the archives makes this quite
> difficult, as there isn't sufficient archive space to keep every old
> version of every package, which is the only way to be "absolutely" safe.

We don't have to. Keeping the signed .changes file would be enough in most
cases. -2 is burned onto loads of CDs and as such will be available for
ages. Anyone with a copy and good Internet bandwidth could have had a copy in
Incoming on master within an hour or two of the bug being noticed.

The current situation (-3 is _still_ in the archive, ready for some poor sod
to download and die) is unacceptable IMHO, and we should try to ensure that
we don't get into this situation again.

Even doing something like damaging the -3 files, so they are uninstallable,
would be preferable to leaving them where they are. Since -2 is available, we
should have taken advantage of that fact, and used it.

This is taking too long, and for that reason we need a policy that
automatically kicks in when a corrosive package hits the archive in future, so
that we get to limit the damage.

How many people have been bitten by this since the bug was found? We should
have been able to prevent this damage in some way --- even if it means having
no libc6 available for a couple of days, this seems preferable to breaking
people's systems when we could avoid it.

Cheers, Phil.