[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: fixing in oldstable before unstable (was Re: Wheezy update of tre?)

On Thu, Oct 20, 2016 at 14:26:41 +0000, Holger Levsen wrote:

> On Thu, Oct 20, 2016 at 03:59:53PM +0200, Santiago Vila wrote:
> > But I'm a little bit surprised that the whole story begins in wheezy LTS.
> > Should this not start in unstable with a bug report?
> this often happens when there was a CVE with or without a bug filed and
> noone uploaded a fix. then, at some point, the LTS team comes around and
> is paid to fix this in LTS…
> I also think it would be better to always (well, unless the package is
> gone) make sure this is fixed in unstable first and then in LTS but I 
> dont think this is an individual question but rather think this should
> be addressed by implementing it as mandatory part of the LTS workflow.
Yes please.  The amount of QA you can do pre-release on wheezy updates
is presumably fairly limited.  Having patches tested in unstable in the
(presumably not that rare) cases where the backport isn't the most
difficult/risky part of fixing the bug seems like it would benefit
everyone, except for maybe delaying your payments a bit.  (My pet peeve
here are the recent libx* CVEs, which aren't critical, and where the
patches are tricky enough that regressions aren't exactly unlikely.
Maybe that's rare.  I don't think it is.)


Reply to: