[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: NMU rules for security fixes (was: DEP1: Clarifying policies and workflows for Non Maintainer Uploads)



On Saturday 26 April 2008 02:07, Don Armstrong wrote:
> On Sat, 26 Apr 2008, Paul Wise wrote:
> > I'd prefer the security team did not delay fixes at all by default.
> > Exceptions for specific maintainers, transitions or other reasons
> > are fine too of course.
>
> For stable and testing, I agree. However, for unstable and
> experimental the maintainer should be at least given a chance to
> resolve the issue. [That is to say, I object to filing a bug and
> immediately NMUing for unstable; in almost all cases the bug should be
> a few days old before that happens.]

I agree with that. The cases where the available "patch" for a security issue 
was insufficient or broke other things are not quite rare. The maintainer of 
a package is the first one responsible for it and should be given the 
opportunity to comment on the patch and/or apply it himself. At least a few 
days, and of course depending on the impact of the bug: no need to rush in 
patches for low impact bugs.


cheers,
Thijs

Attachment: pgpmwdlCB8HZA.pgp
Description: PGP signature


Reply to: