Re: testing-stable-unstable [was: Are there too many Debian developers]

[Matt Zimmerman <mdz@debian.org>]

(taking this to debian-devel)

On Mon, Dec 16, 2002 at 06:47:54PM -0500, Thomas Smith wrote:

> On Mon, Dec 16, 2002 at 08:44:54AM -0500, Matt Zimmerman wrote:
> > The tags are not at all what I need, even if their meaning were
> > precisely defined.
> 
> Given the situation in your earlier e-mail, the tags would work fine
> AFAICT.  When the bug is filed, it should be given tags for both woody and
> sid, since it is up to the maintainer to determine if the bug is already
> fixed in sid if the bug report does not say so explicitly---this is not a
> job for attempts to parse branches and such.  Then, when the package is
> uploaded to stable with a Closes: #foo, the stable tag is removed.  If the
> problem exists in sid, the next upload to sid should also have a Closes:
> #foo if it fixes the bug.

What I think you haven't considered is that packages propagate between
distributions without maintainer uploads, e.g.  unstable->testing->stable,
stable-security->stable, etc.  In order to accurately keep track of when the
bugfixes propagate, the version information must be stored.

This may be overkill for the general BTS, but I think it is important for
security.

> Basically, I disagree that figuring out what range of versions a bug
> applies to is a job for the BTS, and it's probably not for the security
> team either--you seem busy enough.  It is a job for the maintainer.

Regardless of who collects and maintains this information, it must be stored
and used to answer queries.  In many situations, it would be ideal for
anyone to be able to provide additions and corrections to the data.  Where
maintainers are willing and able, they can help, and where they cannot,
others would be able to step in.

-- 
 - mdz