Re: Not the only one. Was: Re: Bug#757555: pam: CVE-2014-2583 pam_timestamp directory traversal issues

[Matthias Klose <doko@debian.org>]

Am 10.08.2014 um 15:25 schrieb Lisandro Damián Nicanor Pérez Meyer:
> Interesting, because yesterday I've got a patch [0] (cool, thanks a lot!) but 
> stating that the package has been NMUed and uploaded to delayed/5. So, even 5 
> less days than in your case.
> 
> Less than 5 minutes later, the package entered the archive [1].
> 
> So, what am I supposed to do here?
> 
> Doko: I *really* appreciate the fact that you sent a patch, but *please* 
> respect your fellow DDs.

The first thing you can do is to stop assuming bad faith, instead of assuming a
mistake. I wouldn't have sent an email to the bug report and then uploading the
package by intent. So sorry about the unplanned immediate upload.

I wasn't aware that we are still supposed to do delayed/10 uploads, now that the
default priority for uploads is medium.

The issue was filed on May 4, with severity important and tagged for jessie. No
reaction. The severity was raised on May 30 to serious. No reaction.  Instead
some severity ping-pong was played on other issues.  No reaction on a RC issue
for over two months?

  Matthias