
Re: Proposal - Deferment of Changes from GR 2004-003



On Tue, Apr 27, 2004 at 08:41:35PM -0500, Steve Langasek wrote:
> 1. that the amendments to the Social Contract contained within the
>    General Resolution "Editorial Amendments To The Social Contract"
>    (2004 vote 003) be immediately rescinded;
> 2. that these amendments, which have already been ratified by the Debian
>    Project, will be reinstated effective as of September 1, 2004 without
>    further cause for deliberation.

What about security fixes and other bug fixes for sarge?

While the content in question is generally stuff like documentation,
image data, firmware for auxiliary hardware or the like, in most cases the
packages in question have not been factored such that the problematic
content is in a different package from the rest of the stuff.  Worse,
in some cases the problematic content itself might have security problems.

I believe one of the original motivations for the DFSG was to enable
us to address security issues and other critical problems in a timely
fashion.  By and large, it does, but in this context it might have the
opposite effect.

Possibilities:

* require another GR for security fixes -- bad because then
security fixes can't be made in a timely fashion.

* release such fixes in the form of some kind of "patch" which is
independent of our current dpkg infrastructure -- bad because this is
based on vaporware.

* change the language of the GR.

I'll grant that my informal proposal, mentioning sarge by name, is weaker
than the proposal mentioned by Steve Langasek.  However, maybe it would
be a good idea to give a more relaxed deadline on security related updates
(and other grave or critical problems -- with perhaps the release manager's
team getting final say on whether severity assignments are appropriate)?

Thanks,

-- 
Raul


