[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Freeze Please?

On Thu, Feb 06, 2003 at 07:22:26PM +0100, Marcelo E. Magallon wrote:
> On Fri, Feb 07, 2003 at 12:38:49AM +1000, Anthony Towns wrote:
> 
>  > >  There are packages with not so trivial bugs stuck in it, and it
>  > >  has been said over and over again, it contains packages with
>  > >  security holes.
>  > Are you offering to help, or just bitching?
>  I was expecting that.
>  I'm saying that your assertion that testing is working ok is self
>  delusional.

Just bitching then. The word "working" was in quotes for just that reason.
The comment that "you're certainly not saying anything that's news to
anyone", that you've deleted, was likewise.

>  If you want to have it more verbosely, I'm saying that testing is a
>  nice experiment, but we have found empirical evidence that it does not
>  work as well as we hoped initially.  

It works exactly as well as we hoped initially, the assumptions it was based
on have proven intensely unreliable. Those assumptions were:

	* That we can provide releasable packages in unstable on
	  a regular, albeit not continual, basis. cf libc6's history
	  for the past six months.

	* That we can have a working installer, and thus working
	  installation published automatically at regular intervals. We're
	  actually getting somewhere with this although I'm not sure if
	  I'm willing to dump that on you.

	* That anyone would bother maintaining security updates for
	  testing.

>  Or put in another way, if the testing maintainance scripts are working
>  ok, why can't we release testing today?

Because we don't have an installer, no one's working on security issues,
and glibc in unstable has been broken since woody's release.

>  > Seriously, if you or anyone else wants to do the work to do security
>  > updates for testing on a regular basis, everything's in place -- all
>  > you have to do is upload the source packages, and work out whether you
>  > want to do it like stable security updates (on the separate server,
>  > made instantly available, possibly prepared before publication, with an
>  > advisory), or just as an "out-of-band" update.
>  That's good to know.  Do we have testing autobuilders?

Of course we do. "Everything's in place -- all you have to do is upload
the source packages."

>  > All this stuff has been in place since the new security architecture
>  > came into being
>  I have no clue what you are talking about.

Wow.

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
        you are now certified as a Red Hat Certified Engineer!''
Reply to: