[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The new Social Contract and releasing Sarge

On Thu, Apr 29, 2004 at 01:11:18AM +0100, Colin Watson wrote:
> On Wed, Apr 28, 2004 at 01:55:30PM -0600, Jamin W. Collins wrote:
> > 
> > Would have been time?  There _was_ time, over 200 days in most
> > cases.  If the necessary change couldn't be made in 6+ months, how
> > much longer should it be given?
> 
> Sometimes the change has some other detrimental effect, and therefore
> maintainers may have chosen not to make them unless they have to.

Maybe we see things differently, but from my point of view, the
maintainers have known for quite a while that they did have to change
things.  Sure, it may have been possible to interpret the previous SC's
wording so this was a grey area.  Not specifically prohibited, but the
mere fact that these items were marked as sarge-ignore shows that they
were recognized as a problem, and one that did need to be resolved.
Letting these items sit without corrective action being taken/started
for 200+ days hoping that something would be done externally directly
lead to part of the situation we now find ourselves in (I am in no way
saying this was the intent of the recent GR).  Had work been done on
these packages from the beginning, regardless of the sarge-ignore tags,
we wouldn't be in such a bind.

Just because a specific class of problem is given a temporary stay of
action doesn't mean the developer's responsible for the packages
shouldn't have taken the initiative to make corrective changes anyway.

> For instance, fixing #211640 requires me to change
> openssh_*.orig.tar.gz so that it no longer matches the GPG signature
> distributed alongside the OpenSSH source distribution by its
> developers, which for a piece of security-critical infrastructure I
> feel would be a great shame. (I suppose I should at least remove that
> document from the binary package, though; in fact, I've just done that
> in CVS.)

Was this not a problem that would have needed to be addressed after the
sarge release anyway?  If so, why postpone it?  In the hopes sarge was
released soon?  That shouldn't have stopped the developer's from working
to correct their packages in the meantime.

I'm not sure that the above change in anyway corrects the actual problem
since the orig.tar.gz contains non-free items, and thus should not be in
main.

-- 
Jamin W. Collins

To be nobody but yourself when the whole world is trying it's best night
and day to make you everybody else is to fight the hardest battle any
human being will fight. -- E.E. Cummings
Reply to: