Re: don't upgrade! libpam problem!

To: debian-devel@lists.debian.org
Subject: Re: don't upgrade! libpam problem!
From: cjwatson@flatline.org.uk (Colin Watson)
Date: Wed, 27 Jun 2001 19:30:43 +0100
Message-id: <[🔎] E15FK5L-0004Np-00@riva.ucam.org>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 3B391E16.7000206@bacbuc.dyndns.org>
References: <[🔎] 3B391E16.7000206@bacbuc.dyndns.org>

Emmanuel Charpentier <charpent@bacbuc.dyndns.org> wrote:
>Sam Hartmann uttered :
>
> >It's libpam-modules.  A fixed deb is in incoming now.  I'm really
> >
> >sorry about thi; I screwed up between testing the patch and doing the
> >final build and introduced a typo.  Yes, I know I suck.  I will be
> >more careful in the future.
>
>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
>Don't you test your "final build" ? Of a *vital* package ?? If possible at 
>all, on a separate machine ??? Oh, my ...

I'd actually like to thank Sam, indirectly. He reminded me, as well as a
lot of other people, I think, of how important it is to take some degree
of care over an upgrade. Had I had my wits about me I'd have built and
installed a rootshell.deb rather than exiting my running dselect once I
realized there was a problem; as it was, I had to reboot, and it
happened that my ISP's DHCP server wasn't responding when I tried to
bring it back up. If I could recover in that situation, I kind of doubt
that any irreparable damage was done to anybody else.

On a system you care about running unstable, it is just irresponsible to
upgrade vital packages without giving yourself some insurance that you
might have a chance of fixing them if they go wrong. If you're upgrading
PAM, this means keeping a root shell open and testing that you can open
another one afterwards. The developer might have built it on a
completely different architecture and it might have built wrongly on
yours, for all you know, or you might have some weird environment
uncovering a bug that no amount of testing by the developer would have
revealed. Sam (inadvertently) reminded some people that they'd got
complacent about unstable being safe, which can only be a good thing.

This is not the first time unstable has broken. It won't be the last.
Anybody with a comfortable expectation that it's going to be an easy
ride needs to lose that expectation before they try to run unstable
somewhere it really matters. So it works 99% of the time - great, but
please lose the attitude that you need to BURN THE WITCHES if something
does go wrong. Once whatever bugs do arise are fixed in a timely
fashion, I have no complaints.

>This kind of *imbecility* gives some *real* arguments to tenants of 
>commercial development. No need to FUD anybody here : this is *real* 
>mispractice. Expect a lot of flak from the commercial development side, and 
>don't fight it : it will have been *well* *earned*.

Oh, leave him alone already. Maintaining a complex and critical package
is enough stress without being mindlessly flamed about it every time you
make a human mistake after you thought you'd tested your changes. I
expect that the 23 critical bug reports will have more than driven your
point home.

Under the circumstances, Sam's rapid warning to -devel-announce and
-user, and his subsequent quick upload so that we could point users at
incoming as early as possible, were exactly what I'd like to see in a
Debian developer.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

References:
- Re: don't upgrade! libpam problem!
  - From: Emmanuel Charpentier <charpent@bacbuc.dyndns.org>

Prev by Date: Re: don't upgrade! libpam problem!
Next by Date: Re: don't upgrade! libpam problem!
Previous by thread: Re: don't upgrade! libpam problem!
Next by thread: RE: don't upgrade! libpam problem!
Index(es):
- Date
- Thread