Re: Bits from the DPL
Hi Adrian,
Am Fri, Oct 03, 2025 at 11:16:11AM +0300 schrieb Adrian Bunk:
> Are we able to create new point releases of stable and oldstable within 48h,
> to withdraw the package (and withdraw/update reverse dependencies) there?
Thanks for raising this question.
As far as I know currently we can't guarantee such a rapid turnaround
across all suites.
Please understand that point in my bits as a question for us as a
project whether we want to set this as a long-term goal. Some in the
community consider it essential that Debian is able to react very
quickly when faced with credible legal claims or unfixable security
issues.
> A well-known case of claimed copyright infringement that was in the
> courts for two decades affected the Linux kernel.[1] Even in the best
> case where a code fix is available immediately, updating src:linux and
> then rebuilding the installers and then creating new point releases
> would be challenging to do within 48h.
If we agree that this is something we agree as a project, the next step
is to discuss how to make it feasible — for example, whether the
proposed split of responsibilities between the Archive Team and the
DFSG/licensing team could help, and what kind of processes or
infrastructure improvements would be required.
In the short term, the draft delegation texts need to describe the
responsible team, so that at least it is clear who owns the decision in
such cases. The question of how fast Debian can act is then something
we should keep working on together.
Kind regards
Andreas.
> [1] https://en.wikipedia.org/wiki/Timeline_of_SCO–Linux_disputes
--
https://fam-tille.de
Reply to: