Hi Shengjing, On 23-06-2019 13:59, Shengjing Zhu wrote: > On Sun, Jun 23, 2019 at 12:09:13PM +0200, Paul Gevers wrote: >> Technically, you're already too late, the package will only be 2 of 5 >> days old on Tuesday 13:00 UTC. But I have much worse concerns, see below. >> > > It's all up to the release team's decision, right? Very well said. I appreciate it that you realize that. >>> + * Non-maintainer upload. >> >> This I worries me. "Apparently" Arnaud didn't consider it appropriate to > > There's nothing wrong in the procedure. Fixing RC bug and no maintainer > activity on the bug for 7 days, it's 0 day. Oh, sure, I wasn't really talking about procedures here, but I see how you could read my comment like that. I worry about making the right decision. For docker.io, with the security team worries and the standing golang situation, an upload (or at least a full ACK) from the maintainers is very welcome for the possibility of an exception. > I have CCed the maintainers, and "apparently" there's no disagreement > afterwards. Sorry, not good enough for me in this case. >> On top of that, I worry quite a bit that by disabling that test in the >> upstream patch, you are hiding a real problem. If it is possible from >> within the docker container to crash the host, that's a severe issue. >> Can you take away my worries? >> > > All code could have bug, it includes the test code. If you find a > serious bug for this version, please file a bug, then it could prevent > docker.io to migrate. Oh, much simpler. If I won't let it migrate, I'll actively remove it from buster. > But FTR again, I didn't blindly upload the patch. I do test, like running > the result binary, and the affected command. And more importantly, the > newly added code, didn't break any existing test cases. Ack, but still not good enough. I noted Sam's effort, but it doesn't comfort me enough to give an exception for docker.io. For the record, I'm very much inclined to remove docker.io from buster tomorrow. Paul
Attachment:
signature.asc
Description: OpenPGP digital signature