On Wed, Nov 22, 2000 at 08:53:49AM -0500, Ben Collins wrote:
> So we release immediately even though there are major security updates and
> package revisions that need to be done? That sounds like RH release goals,
> "make the point change, just so it looks like we are doing something".
I repeat: at the moment potato has a number of security problems which
have packaged, completed fixes. Furthermore, the Debian Project Leader is
being cited as saying that ``Debian is broken'' [0], and the the Debian
Press Contact is on the record as having announced ``It is recommended
that people wishing to install [...] updates or create CD images wait
until the release of version 2.2r2 to do so'' [1]. Not only this, Debian
is also on record as assuring users that ``A 2.2r2 release is expected
within the next 10 days'' [2].
Since I'm being held responsible both for the current situation and for
resolving it, and since no one else appears to be willing to take over
that responsibility, forgive me for not being overly willing to just
let 2.2r1 sit around for a couple of weeks, or overly interested in
negotiating about that timeframe.
> > > - Security updates affecting base packages, Wichert. How long till this
> > > is done? What packages should we be watching for?
> > > - Rest of securitu updates, Wichert (time frame again please).
> > So in short, r2 will come out with what fixes are available, with the
> > major goal of fixing the two notable bugs (pcmcia on i386 and dpkg on
> > sparc uninstallable) with r1, so that Debian is once again willing to
> > suggest people use potato, whether these are done or not.
> > Security updates should be installed from security.debian.org.
> I thought the whole point of point releases was to include the security
> updates in the main release?
The point is to improve the existing stable release, whether that be by
adding useful features, fixing outstanding bugs, or closing security
holes. If the whole point of stable revisions was security updates,
it'd be the security team that would be managing them, not me.
> > > - Kernel 2.2.18-pre21 builds (ports who want it). Let me know who wants
> > > this, and when you can get it done. If you do not tell me that your port
> > > needs 2.2.18-pre21 kernel images, then we wont be waiting for it to be
> > > uploaded. Give me a time frame for completion please.
> > > [sparc] Will build, should be done on Nov 22.
> > Please give times in UTC, Nov 22 is almost over here.
> Sorry, 4pm Nov 22, -0005
"2000/11/22 11:00 UTC" is probably easiest for comparison.
> > > [sparc] Need to do a binary only gtk upload to fix deps between indep
> > > and arch packages. Will not affect other archs. This is needed
> > > for the openssh security fix to be compiled. [3 days]
> > This is trivial to fix: it's just a matter of hard coding a version in
> > debian/control. I'll mail you a patch privately after it's tested. (So
> > I don't see any reason for the delay)
> I realize that, which is what I was going to do to fix it.
Three days just seems overly long, unless I'm missing something. ("three
hours" I could've believed, except you were sleeping in the meantime...)
Cheers,
aj
[0] http://lists.debian.org/debian-devel-0011/thrd3.html#01021
[1] http://lists.debian.org/debian-announce-00/msg00011.html
[2] Same url as [1], and you'll note the date then was 14 Nov 2000. You'll
also note today's date.
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
``Thanks to all avid pokers out there''
-- linux.conf.au, 17-20 January 2001
Attachment:
pgp_we1zigXGX.pgp
Description: PGP signature