Re: Freeze Please?
On Fri, Feb 07, 2003 at 03:30:09PM -0500, Matt Zimmerman wrote:
> No, I'm saying that cluttering the BTS with hundreds of critical and
> grave bugs that the maintainer can do nothing about is not a useful
> thing to do.
What I'm saying is:
* The release manager says that people who point out that testing
has security problems are just bitching and not doing anything
* IMO the first step towards fixing that is documenting what
problems are there
* Since the BTS is already used for release coordination, it seems
natural to me to have known security issues recorded in the BTS
> And who is going to manually review and process all of these uploads
> to testing, and clean up the mess when maintainers (for example) just
> re-upload the current unstable package?
I'd hope maintainers have a bit more brains than that...
First there are no volunteers, now there are too many.
I don't *expect* every maintainer to go thru all the trouble of making
security uploads to testing, but I'd also expect that if the
information is readily available and everything is in place (which it
is, c.f. previous mails from Anthony), people would be eager to do the
dirty work. Think BSPs.
> Because it isn't yet. If you are volunteering to take responsibility
> for publishing this information responsibly
Define responsibly. You can't expect anyone to comply with your
conditions if you don't even name them.