Bug#723641: pu: package xen/4.1.4-5

To: Thijs Kinkhorst <thijs@debian.org>
Cc: 723641@bugs.debian.org
Subject: Bug#723641: pu: package xen/4.1.4-5
From: Bastian Blank <waldi@debian.org>
Date: Mon, 30 Sep 2013 18:52:11 +0200
Message-id: <20130930165211.GA31491@mail.waldi.eu.org>
Reply-to: Bastian Blank <waldi@debian.org>, 723641@bugs.debian.org
In-reply-to: <6367f639a63007fb478955437c644c71.squirrel@aphrodite.kinkhorst.nl>
References: <20130918120641.21000.54390.reportbug@rockhammer.waldi.eu.org> <1379883534.4765.48.camel@jacala.jungle.funky-badger.org> <20130922213445.GA26461@mail.waldi.eu.org> <4dc3baf150d8edc4d9b25a599be5083c.squirrel@aphrodite.kinkhorst.nl> <20130923084715.GA28647@mail.waldi.eu.org> <6367f639a63007fb478955437c644c71.squirrel@aphrodite.kinkhorst.nl>

On Mon, Sep 30, 2013 at 04:38:24PM +0200, Thijs Kinkhorst wrote:
> Thanks. I've read them. My conclusion is that there are two problems:
> 1/ On a previous upload, someone from the security team added extra
> changes without coordination or reporting them back.
> 2/ It took long to process the upload and there was no feedback on problems.
> Agreed?

No.  This are symptoms, not problems.  The main problem is
_communication_.

> On the first point, although I don't know exactly what changes were added
> by whom, I fully agree that if such is the case that's not good and
> understanding that it's annoying to you. I'm sure that we can agree that
> this was a mistake and that this should not happen again.

I don't think this will work.  The current security process ignores
any communitation that is otherwise part of the NMU process.  As long as
the security team does not have some policy to cummunicate first and do
later, especially if the maintainer is already in the loop or, worse,
did it herself, I see not why this should work now.

> The second point is indeed unfortunate, reading back it seems related to
> two different problems with DAK.

My main problem are the missing mails on uploads.  If the ftp-masters
refuses to accept a patch---did they?---you have to do it by human
relay.

> Given the limitations of tools and manpower and the large number of issues
> that we need to deal with, the process will probably never be perfect.

If you lack manpower, why don't I remember any calls for help like the
ftp-team or ctte did?

All the cases in the last years actually made them _more_ work.
Preparing and _testing_ a package is way more work then sending a mail
"I don't like it, please …" or "I haven't seen an upload, I'll do it".

>                                     Do you think we could just try to
> start anew? In the end it benefits our users most if Xen updates would
> come through the security channel.

There where three points in my mail …

Bastian

-- 
Where there's no emotion, there's no motive for violence.
		-- Spock, "Dagger of the Mind", stardate 2715.1

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Bug#723641: pu: package xen/4.1.4-5
  - From: Bastian Blank <waldi@debian.org>
- Bug#723641: pu: package xen/4.1.4-5
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Bug#723641: pu: package xen/4.1.4-5
  - From: Bastian Blank <waldi@debian.org>
- Bug#723641: pu: package xen/4.1.4-5
  - From: "Thijs Kinkhorst" <thijs@debian.org>
- Bug#723641: pu: package xen/4.1.4-5
  - From: Bastian Blank <waldi@debian.org>
- Bug#723641: pu: package xen/4.1.4-5
  - From: "Thijs Kinkhorst" <thijs@debian.org>

Prev by Date: Re: automake transition breakages
Next by Date: Bug#724254: nmu: gst-plugins-bad1.0_1.0.10-3 and yatm_0.8-1
Previous by thread: Bug#723641: pu: package xen/4.1.4-5
Next by thread: Processed: tagging 723641
Index(es):
- Date
- Thread