Re: Severity bump script

To: Matthias Klose <doko@debian.org>
Cc: debian-python <debian-python@lists.debian.org>, Debian release team <debian-release@lists.debian.org>
Subject: Re: Severity bump script
From: Paul Gevers <elbrus@debian.org>
Date: Thu, 5 Dec 2019 12:07:21 +0100
Message-id: <[🔎] a7be89f7-8e49-f32d-9d3c-5c502538fc4f@debian.org>
In-reply-to: <[🔎] c2207cfc-5593-4e36-2910-2b043ef25f9f@debian.org>
References: <349bb59d7f28ad6c70e567d9939b99f2f924d01a.camel@ondrej.org> <CAOO6c=zo004jCyXYMYbBhPonWk+CgTu368EtFfdPR9wJN3=jgw@mail.gmail.com> <[🔎] CAB4XWXz6g5iz=60Kta-wZSPicq9uK_gk1CZcPCVdY8G3rzd1-g@mail.gmail.com> <[🔎] 153751f7-2d80-3e4c-feb1-ea8b53767946@debian.org> <[🔎] c2207cfc-5593-4e36-2910-2b043ef25f9f@debian.org>

Hi,

On 03-12-2019 13:19, Matthias Klose wrote:
> It's unfortunate that issues for some packages only get attention when the
> severity of an issue is raised.  Following your proposal means that the issue is
> probably ignored forever, and you don't propose a better way going forward, just
> saying we should stop earlier.  I don't think that's the correct choice.  For
> now these seem to be single packages, so please could you name those, and we can
> look at those with a priority?  That's at least a path that is forward looking,
> or feel free to propose another approach better than your current proposal for
> not getting the attention of maintainers.

I guess what I'm asking for could be fulfilled by an announcement to
d-d-a with a package list (including via which package(s) they are
affected) attached including the standard grouping by DD. And then some
time to react.

Paul

PS, my original typed reply below. After having writing it, the idea
above emerged.

My problem with the current approach is that the way that developers
learn that they (potentially transitively) (build) depend on a Python 2
package is by the autoremoval message. I don't think that is acceptable
socially in the project. My proposal is to give the maintainers about
those packages a heads up. Via a bug report may be a bit weird in cases,
but in some cases may be the appropriate thing as the package could work
around the (build) dependency. At least adding "affects" helps a tiny
bit and direct e-mails to the maintainers (e.g. via the
<package>@packages.debian.org address will at least give them a heads
up. Even if the RM bug is coming eventually.

Again, I don't have a problem with Python 2 removal, even at the price
of packages that don't care that their dependency is written in Python.
I do care about proper communication. Using RC severity to trigger
autoremoval for non-leaf packages just yet is not appropriate in the
opinion of the release team. Even though I am well aware of the Python 2
removal effort I can tell from personal experience (cacti) that
receiving an autoremoval e-mail as the first sign of such a dependency
isn't nice, that's the problem I'm having and that needs solving in my
opinion.

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: Severity bump script
  - From: Sandro Tosi <morph@debian.org>

References:
- Re: Severity bump script
  - From: Sandro Tosi <morph@debian.org>
- Re: Severity bump script
  - From: Paul Gevers <elbrus@debian.org>
- Re: Severity bump script
  - From: Matthias Klose <doko@debian.org>

Prev by Date: Re: Joining the DPMT Team
Next by Date: Possible MBF for SyntaxWarning with Python 3.8
Previous by thread: Re: Severity bump script
Next by thread: Re: Severity bump script
Index(es):
- Date
- Thread