Re: Freeze Please?

On Fri, Feb 07, 2003 at 03:30:09PM -0500, Matt Zimmerman wrote:

 > No, I'm saying that cluttering the BTS with hundreds of critical and
 > grave bugs that the maintainer can do nothing about is not a useful
 > thing to do.

 What I'm saying is:
    * The release manager says that people who point out that testing
      has security problems are just bitching and not doing anything
      about it
    * IMO the first step towards fixing that is documenting what
      problems are there
    * Since the BTS is already used for release coordination, it seems
      natural to me to have known security issues recorded in the BTS

 > And who is going to manually review and process all of these uploads
 > to testing, and clean up the mess when maintainers (for example) just
 > re-upload the current unstable package?

 I'd hope maintainers have a bit more brains than that...

 First there are no volunteers, now there are too many.

 I don't *expect* every maintainer to go thru all the trouble of making
 security uploads to testing, but I'd also expect that if the
 information is readily available and everything is in place (which it
 is, cf. previous mails from Anthony), people would be eager to do the
 dirty work.  Think BSPs.

 > Because it isn't yet.  If you are volunteering to take responsibility
 > for publishing this information responsibly

 Define responsibly.  You can't expect anyone to comply with your
 conditions if you don't even name them.


