Re: Freeze Please?

To: debian-devel@lists.debian.org
Subject: Re: Freeze Please?
From: "Marcelo E. Magallon" <mmagallo@debian.org>
Date: Sat, 8 Feb 2003 15:52:00 +0100
Message-id: <[🔎] 20030208145200.GC455@informatik.uni-stuttgart.de>
Mail-followup-to: "Marcelo E. Magallon" <mmagallo@debian.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20030207203009.GB10160@alcor.net>
References: <[🔎] 20030206050309.GB25259@azure.humbug.org.au> <[🔎] 20030206080552.GA28260@informatik.uni-stuttgart.de> <[🔎] 20030206143849.GA3236@azure.humbug.org.au> <[🔎] 20030206182226.GB5030@informatik.uni-stuttgart.de> <[🔎] 20030207041015.GD17980@azure.humbug.org.au> <[🔎] 20030207043039.GB31736@homer.opus.geek> <[🔎] 20030207081919.GA1563@informatik.uni-stuttgart.de> <[🔎] 20030207151108.GF16286@alcor.net> <[🔎] 20030207181405.GB2236@informatik.uni-stuttgart.de> <[🔎] 20030207203009.GB10160@alcor.net>

On Fri, Feb 07, 2003 at 03:30:09PM -0500, Matt Zimmerman wrote:

 > No, I'm saying that cluttering the BTS with hundreds of critical and
 > grave bugs that the maintainer can do nothing about is not a useful
 > thing to do.

 What I'm saying is:

    * The release manager says that people who point out that testing
      has security problems are just bitching and not doing anything
      about it

    * IMO the first step towards fixing that is documenting what
      problems are there

    * Since the BTS is already used for release coordination, it seems
      natural to me to have known security issues recorded in the BTS

 > And who is going to manually review and process all of these uploads
 > to testing, and clean up the mess when maintainers (for example) just
 > re-upload the current unstable package?

 I'd hope maintainers have a bit more brains than that...

 First there are no volunteers, now there are too many.

 I don't *expect* every maintainer to go thru all the trouble of making
 security uploads to testing, but I'd also expect that if the
 information is readily available and everything is in place (which it
 is, c.f. previous mails from Anthony), people would be eager to do the
 dirty work.  Think BSPs.

 > Because it isn't yet.  If you are volunteering to take responsibility
 > for publishing this information responsibly

 Define responsibly.  You can't expect anyone to comply with your
 conditions if you don't even name them.

-- 
Marcelo

Reply to:

Follow-Ups:
- Re: Freeze Please?
  - From: Michael Stone <mstone@debian.org>
- Re: Freeze Please?
  - From: Matt Zimmerman <mdz@debian.org>

References:
- Re: Freeze Please?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: Freeze Please?
  - From: "Marcelo E. Magallon" <mmagallo@debian.org>
- Re: Freeze Please?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: Freeze Please?
  - From: "Marcelo E. Magallon" <mmagallo@debian.org>
- Re: Freeze Please?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: Freeze Please?
  - From: Graham Wilson <bob@decoy.wox.org>
- Re: Freeze Please?
  - From: "Marcelo E. Magallon" <mmagallo@debian.org>
- Re: Freeze Please?
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Freeze Please?
  - From: "Marcelo E. Magallon" <mmagallo@debian.org>
- Re: Freeze Please?
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: SAPHI SAT UON GIA DUNG
Next by Date: Re: testing, unstable, and dependencies
Previous by thread: Re: Freeze Please?
Next by thread: Re: Freeze Please?
Index(es):
- Date
- Thread