On Mon, Mar 29, 1999 at 08:18:23PM -0500, Zephaniah E. Hull wrote: > On Mon, Mar 29, 1999 at 03:32:12PM +0200, Marco d'Itri wrote: > > On Mar 28, Martin Schulze <joey@finlandia.Infodrom.North.DE> wrote: > > > - critical security fix: 2 days. > > I think those fixes should be uploaded as fast as possible by anyone > > willing, [...] > Agreed, if a security hold was found in my package I would not mind > someone doing a NMU and sending me a quick email with the patch and a > reason.. > When it comes to security issues, we should not care who's toes we step > on, the first order of business should always to get a fix in... Erm. We still should be checking to see if the maintainer is already working on it (or has already uploaded a fix to Incoming), and it would seem polite to send an "Intent to NMU" to the maintainer and give him/her at least a couple of hours to say "No, this is more complicated than you realise, that fix will just introduce these new bugs", or something similar. Sure, getting bugs fixed is more important than pussy footing around to avoid treading on toes, but a waltz is much more enjoyable if you at least make some effort. Cheers, aj -- Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/> I don't speak for anyone save myself. PGP encrypted mail preferred. ``Like the ski resort of girls looking for husbands and husbands looking for girls, the situation is not as symmetrical as it might seem.''
Attachment:
pgphSQXJ7Sgwc.pgp
Description: PGP signature