[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: linhdd concerns (was: Re: Updated Debian Maintainers Keyring)

On Sat, Nov 24, 2007 at 11:22:52PM +0530, Ramakrishnan Muthukrishnan wrote:
> [I did not recieve the original email addressed to me by aj, so I am
> literally "reading between the lines" to digest the original message]

It was sent to your @d.o address, and is in the list archives at:


> >> Ramakrishnan, how did your sponsorship checking miss both this error
> >> and the RC bug (442093) the previous upload introduced by the i386
> >> binary's absence?
> I have tried to catch and feed the lintian and linda errors back to
> Kartik all the time. I really don't know how I missed it. 

Well, it was overriden, so unless you'd use lintian with --show-overrides,
it wouldn't've shown up.

> If I remember right, I did an upload of this package only once. 

You sponsored both the 0.4-1 and 0.4-2 uploads according to the signatures
on the .changes files [0].

AFAICS, there were three places where, as sponsor, you could have picked
this issue up:

    - in the 0.4-1 upload, you should have found that the program didn't
      work at all after being built, ie spotted Bug#442093 prior to
      uploading; working more closely with Kartik in solving that bug
      might have avoided including abs_fdisk at all

    - in the 0.4-2 upload, you should've seen the changelog entry "added
      abs_fdisk binary" and wondered why a "binary" was being added to an
      arch:all package. Or why it wasn't using fdisk from util-linux.

    - in the 0.4-2 upload, you might've looked at the debdiff against
      0.4-1 and noticed the addition of the debian/lintian.override file

linhdd: arch-independent-package-contains-binary-or-object ./usr/bin/abs_fdisk

      and asked what was going on.

> Please go ahead with my upload rights removal and also removal from
> debian keyring, if you judje people by just one of their actions.

In this case it's inaction, and it'd be better if you'd acknowledge the
problem and do what you can to avoid it in future. From the above, it
seems like when sponsoring packages you're not always:

    - testing to see if they work
    - reviewing the changelog with an eye for problems
    - running debdiff to see if anything looks odd
    - agreeing to sponsor packages only when you've got time to review them

That's only my inference from the results though; maybe you are doing
some or all of the above normally, and just slipped up this time. Or
maybe you have some other technique to catch problems that makes more
sense than the above? 

Removal of your upload rights is one way of avoiding this mistake in
future, but there are lots of other sponsors who could make the same
mistake, and given you sponsor other things, it has a lot of collateral


[0] ajt@merkel:/srv/ftp.debian.org/queue/done$ gpgv \
        --keyring /srv/keyring.debian.org/keyrings/debian-keyring.gpg \
    gpgv: Signature made Thu Sep  6 11:01:25 2007 MDT using DSA key ID 6A9F3C38
    gpgv: Good signature from "Ramakrishnan M <rkrishnan@debian.org>"

    ajt@merkel:/srv/ftp.debian.org/queue/done$ gpgv \
        --keyring /srv/keyring.debian.org/keyrings/debian-keyring.gpg \
    gpgv: Signature made Wed Sep 19 10:19:22 2007 MDT using DSA key ID 6A9F3C38
    gpgv: Good signature from "Ramakrishnan M <rkrishnan@debian.org>"

Attachment: signature.asc
Description: Digital signature

Reply to: