Re: don't upgrade! libpam problem!
Emmanuel Charpentier <charpent@bacbuc.dyndns.org> wrote:
>Sam Hartmann uttered :
>
> >It's libpam-modules. A fixed deb is in incoming now. I'm really
> >
> >sorry about thi; I screwed up between testing the patch and doing the
> >final build and introduced a typo. Yes, I know I suck. I will be
> >more careful in the future.
>
>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
>Don't you test your "final build" ? Of a *vital* package ?? If possible at
>all, on a separate machine ??? Oh, my ...
I'd actually like to thank Sam, indirectly. He reminded me, as well as a
lot of other people, I think, of how important it is to take some degree
of care over an upgrade. Had I had my wits about me I'd have built and
installed a rootshell.deb rather than exiting my running dselect once I
realized there was a problem; as it was, I had to reboot, and it
happened that my ISP's DHCP server wasn't responding when I tried to
bring it back up. If I could recover in that situation, I kind of doubt
that any irreparable damage was done to anybody else.
On a system you care about running unstable, it is just irresponsible to
upgrade vital packages without giving yourself some insurance that you
might have a chance of fixing them if they go wrong. If you're upgrading
PAM, this means keeping a root shell open and testing that you can open
another one afterwards. The developer might have built it on a
completely different architecture and it might have built wrongly on
yours, for all you know, or you might have some weird environment
uncovering a bug that no amount of testing by the developer would have
revealed. Sam (inadvertently) reminded some people that they'd got
complacent about unstable being safe, which can only be a good thing.
This is not the first time unstable has broken. It won't be the last.
Anybody with a comfortable expectation that it's going to be an easy
ride needs to lose that expectation before they try to run unstable
somewhere it really matters. So it works 99% of the time - great, but
please lose the attitude that you need to BURN THE WITCHES if something
does go wrong. Once whatever bugs do arise are fixed in a timely
fashion, I have no complaints.
>This kind of *imbecility* gives some *real* arguments to tenants of
>commercial development. No need to FUD anybody here : this is *real*
>mispractice. Expect a lot of flak from the commercial development side, and
>don't fight it : it will have been *well* *earned*.
Oh, leave him alone already. Maintaining a complex and critical package
is enough stress without being mindlessly flamed about it every time you
make a human mistake after you thought you'd tested your changes. I
expect that the 23 critical bug reports will have more than driven your
point home.
Under the circumstances, Sam's rapid warning to -devel-announce and
-user, and his subsequent quick upload so that we could point users at
incoming as early as possible, were exactly what I'd like to see in a
Debian developer.
--
Colin Watson [cjwatson@flatline.org.uk]
Reply to: