
Re: Question about non-maintainer proposed-updates



Hi,

On Tue, Apr 23, 2024 at 10:27:15PM +0100, Samuel Henrique wrote:
> So the question is, does the release team consider it ok to push
> proposed-updates without having to go through the package maintainer (given we
> follow the regular process for p-u uploads)?

Yes. We're looking for several things:

 * minimal changes, wherever practical
 * maintainer input if available
 * upstream input if available
 * testing, not just limited to the fix itself

Updates in stable distributions can have consequences where you least expect
them, which is why we are generally cautious. The easiest requests to say
"yes" to are those where the proposer has tested thoroughly and documented
how they did so.

> In case the release team says we have to reach out to the maintainer, would it
> be possible to provide some rough guidelines? For example: "cc'ing the
> maintainer on the release.d.o p-u bug report is all that's needed", or "open up
> a bug against the package indicating your intention to do a p-u upload".

"Reasonable efforts". Mailing the original bug report, copying on the
proposed update bug and waiting a few days to a couple of weeks is
reasonable.

> Would the answer be the same for any type of p-u upload? I assume a no-dsa CVE
> fix and a regular bug fix would fall into the same bucket (that's why I've made
> the email subject generic).

Yes.

Thanks,

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

