On Wed, Apr 28, 2004 at 04:55:29AM -0400, Raul Miller wrote:
> On Tue, Apr 27, 2004 at 08:41:35PM -0500, Steve Langasek wrote:
> > 1. that the amendments to the Social Contract contained within the
> > General Resolution "Editorial Amendments To The Social Contract"
> > (2004 vote 003) be immediately rescinded;
> > 2. that these amendments, which have already been ratified by the Debian
> > Project, will be reinstated effective as of September 1, 2004 without
> > further cause for deliberation.
>
> What about security fixes and other bug fixes for sarge?
>
> While the content in question is generally stuff like documentation,
> image data, firmware for auxiliary hardware or the like, in most cases the
> packages in question have not been factored such that the problematic
> content is in a different package from the rest of the stuff. Worse,
> in some cases the problematic content itself might have security problems.
>
> I believe one of the original motivations for the DFSG was to enable
> us to address security issues and other critical problems in a timely
> fashion. By and large, it does, but in this context it might have the
> opposite effect.

Since the impetus for this GR (and the larger discussion) has been our
release manager's interpretation of the amended Social Contract, I admit
I didn't give much thought to how it would apply to sarge post-release
while drafting my proposal. I certainly agree it's important to find
this out before the GR goes to vote. I've cc:ed our stable release
manager, ftp-masters, and the security team, in the hopes that they'll
offer some insight into their understanding of their own
responsibilities for sarge if this GR passes.

Thanks,
--
Steve Langasek
postmodern programmer

> Possibilities:
> * require another GR for security fixes -- bad because then
>   security fixes can't be made in a timely fashion.
> * release such fixes in the form of some kind of "patch" which is
>   independent of our current dpkg infrastructure -- bad because this is
>   based on vaporware.
> * change the language of the GR.
>
> I'll grant that my informal proposal, mentioning sarge by name, is weaker
> than the proposal mentioned by Steve Langasek. However, maybe it would
> be a good idea to give a more relaxed deadline on security related updates
> (and other grave or critical problems -- with perhaps the release manager's
> team getting final say on whether severity assignments are appropriate)?