[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

NMU rules for security fixes (was: DEP1: Clarifying policies and workflows for Non Maintainer Uploads)



Hi Bas,
* Bas Wijnen <wijnen@debian.org> [2008-04-24 23:34]:
> We (Bas Wijnen, Lucas Nussbaum) worked on a Debian Enhancement
> Proposal[0] on the policies and workflows for Non Maintainer Uploads
> (NMUs).
> 
> The main purpose of the proposal is:
>  * to explicitely allow fixing bugs of severity lower than important in
>    NMUs.
>  * to encourage the use of the DELAYED queue.
>  * to try to encourage a responsible approach for NMUs, instead of an
>    approach based on strict rules.
[...] 
What about introducing a special case regarding the waiting 
period before uploading an NMU for security bugs? There are 
often cases in which we already have a patch handy to fix a 
security issue but still wait a few days on the maintainers 
reaction.

The 0-day NMU rules at the moment are already 
helpful here but I also consider 7 days of waiting period as 
unacceptable for security fixes and not all maintainers are 
on the Low-Treshold-NMU list.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpd4TI47zBkm.pgp
Description: PGP signature


Reply to: