The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

About release engineering, authority, and stuff

To: debian-private@lists.debian.org
Subject: About release engineering, authority, and stuff
From: Lars Wirzenius <liw@iki.fi>
Date: Thu, 28 Nov 1996 03:52:20 +0200
Importance: low
Priority: non-urgent
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"TKPyw.0.mk3.bGFdo"@master.debian.org>
Resent-reply-to: debian-private@lists.debian.org
Resent-sender: debian-private-request@lists.debian.org
Sender: liw@clinet.fi

[ Please don't Cc: me when replying to my message on a mailing list. ]

I think Brian's done a good job on keeping us on schedule. The
job is unlikely to give him friends, but we need someone to
do it. I hope Brian will continue.

I'm not sure why Brian wasn't informed about the seriousness
of the Xt bug. It was discussed on debian-devel, but the list
does have a bit of volume, and it's easy to miss things. We
live[1] and learn. In the future, we need to make sure he is
mailed directly.

I'd like to summarize the X issue like this: If we ship Debian
1.2 with XFree86 3.1.2, users can have X, or they can have
security, but not both.  The exploit is too widely known for any
other interpretation.  XFree86 3.2 may have other security holes,
but at least there is hope there isn't, or that we can fix them.

If we ship with 3.1.2, Debian will get a reputation for security
issues, and bad reputations take a long time to get rid of. If
we ship 3.2, we will have to delay release, and once again prove
our reputation of slipping deadlines to be correct. It's a lose-lose
situation. It's not Brian's fault if we slip deadlines again.
We should have shipped 1.2 on September 15.

In my opinion, it's better to use 3.2, even if we have to
delay release for a month more. Security is more important
than deadlines. In my opinion.

-- 
Please read <http://www.iki.fi/liw/mail-to-lasu.html> before mailing me.
Please don't Cc: me when replying to my message on a mailing list.

[1] She too likes ice cream. ;-)

Attachment: pgptU_g9JKaWC.pgp
Description: PGP signature

Follow-Ups:
- Re: About release engineering, authority, and stuff
  - From: Guy Maor <maor@ece.utexas.edu>

Prev by Date: Re: Proposed: a debian-policy list
Next by Date: Re: Proposed: a debian-policy list
Previous by thread: prototype beta test announcement
Next by thread: Re: About release engineering, authority, and stuff
Index(es):
- Date
- Thread