[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Who checks for bugs fixed in unstable but not in sarge?

On Thu, Aug 12, 2004 at 01:21:22PM +0200, Andreas Barth wrote:
> * Adrian Bunk (bunk@fs.tum.de) [040812 12:25]:
> > it's obvious that freezing testing requires the extra amount of work for 
> > someone to check every single frozen package with a more recent version  
> > in unstable whether sarge lacks required fixes.
> > 
> > They might be RC bugs like #237071, but it's also possible that an 
> > upload fixed a security bug [1] or other RC issues that had no RC bug or  
> > no bug at all in the BTS [2].
> > 
> > Most of the work will be after the full freeze, but even the base freeze 
> > has over 40 such packages that require manual checking.
> > 
> > It's obvious, that it wouldn't work to say the maintainers of the 
> > packages were responsible for this task.
> 
> Well, of course, the base reponsibility is with the package
> maintainer.

That's the theory.

But please don't pretend this would work in practice...

> AFAICS, Jeroen is keeping overall track now.
>...
> > Since I astonishingly discovered that this task hasn't been completed 
> > for the frozen base packages until now, I'd like to know which member of 
> > the release team is responsible for doing this task?
> 
> Why do you think this task is not worked on, if you're not subscribed
> to -release? (And of course, Jeroen is not member of the release team,
> but I don't care for that as long as the job is done.)

It was announced that "Official security support for sarge begins" and 
the toolchain is in order after "12 August 2004".

If such an easy and clearly RC bug as #237071 which is already fixed in 
unstable isn't adressed in testing until today, something is definitely 
going wrong. And if it was Jeroen's job as you said, he isn't doing it 
properly.

It will be worse between "28 August 2004" and "16 September 2004" 
when many hundred packages with a more recent version than in unstable 
whether sarge have to be evaluated and fixed during only three weeks.

This extra work is a price you have to pay for freezing testing, but if 
it isn't done properly and very fast, it might result in serious delays 
of the release.

> Cheers,
> Andi

cu
Adrian

BTW: Who had the idea of including three different versions of GnuTLS in
     sarge? I'm sure the security team will be happy to support three 
     different versions...

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed
Reply to: