Re: Goodbye, all! (Whatever became of X3.2)

[ian@chiark.greenend.org.uk (Ian Jackson)]

Bruce:
> Don't worry, Ian's not going to win any popularity contests. He does have
> a large personal investment in the project, but his manner was extremely
> obnoxious.

Yes, and I apologise.  The whole thing was really getting to me, and I
poured out my angst in an extremely inappropriate way.  In particular,
I apologise for making the threats I did.

I _do_ think, though, that I was justified with respect to moving 3.2
into frozen as I did yesterday - particularly since I had announced my
intention to do so in a reasonable message on Thursday.

Here is my view of the history of this problem:

The bug was first reported on the 29th of August as #4332 by Marek
Michalkiewicz, and again by me on the 1st of September (#4364).  On
the 25th of October Marek asked that if X was to be recompiled this
bug should be fixed and pushed into stable.  On the 30th of October
the new 3.2 X packages were released and the bugs were closed (9th
November).

On the 6th of November Brian posted a schedule which put X 3.2 in
Debian 1.3.  Marek asked that 3.2 be put in 1.3 because of the libXt
buffer overrun bug, to which Brian replied:
> It's already been decided than XFree 3.2 will not be part of Rex.
> Bruce will encourage CD makers to include the 3.2 package from
> unstable, though, on their CDs.

Marek:
> Can we consider this again?  BTW, the slowdown is apparently due
> to kernel changes between 2.0.23 and 24 (linux/include/net/sock.h)
> - it's not a problem with X itself.  The original report compared
> different X versions on different kernels - not a good comparison.
> 
> I know we now have a freeze, but I think the XFree 3.2 upgrade
> should be considered a bugfix.

Brian:
> Even Stephen Early said he wanted to wait until the next release.
> There is always "one more thing" that people would like in the release.
> It's not worth delaying rex.  Bruce, Stephen, and myself all feel
> that, being such a large and complex package with many depandancies
> upon it, it might delay the release of Debian 1.2.

That was the end of the discussion for the moment.

The discussion was reopened on the 19th of November, again my Marek,
again suggesting that X 3.2 was the solution to a critical bug, and
again being told by Brian that he wouldn't allow it.  There was some
side discussion about xaw3d and the naming of unstable.  Larry Daffner
posted in support of Marek.  Joost Witteveen wrote on the 23rd of
November that he thought 3.2 being in 1.2 `seemed probable'.

On the 26th of November I responded to another of Brian's schedules,
which once again left X 3.2 for 1.3.  I said:
> I thought we had concluded that the best way to deal with the Xt
> buffer overrun problem would be to push X 3.2 into rex.
> 
> I don't know whether we want to have a longer codefreeze for this, but
> we _do_ need to do something about it - we should not release with an
> unfixed Xt buffer overrun bug.

Brian replied:
> I am aware of no such conclusion.  Nobody filed a critical bug about it.

...and...

> The release was announced 6 weeks ago and Rex has been frozen for 4 weeks.
> If the problem could not be solved in that amount of time, it will not
> be fixed in the near future.

...and...

> No release will ever be perfect.  There will always be "one more thing"
> that should be done.  I cannot see how this problem is any more serious
> that people still having problems such as gzip/compress links because the
> last release was so long ago.

This was the posting where Brian didn't seem to understand that Xt was
a core part of X.

There then followed another discussion.  I, Marek, Bruce, Stuart
Lamble and Jim Pick argued in favour of putting 3.2 into 1.2.  Brian
White was alone (AFAICT) in arguing that we should leave the bug in.

Late on Wednesday the 27th I posted my opinion that something had to
be done, either patching 3.1.2 or releasing 3.2.  There was much
discussion, but again almost everyone said that if no 3.1.2 fix was
feasible then we should release 3.2 instead.  Steve Early said that a
3.1.2 fix was infeasible.

More discussion followed as to whether slipping or releasing with the
hole was worse.  It seemed to me that there was a strong feeling that
the security hole was worse.

Following this, and seeing the apparent lack of progress, I posted on
Thursday afternoon (UK time) that I would move 3.2 into frozen unless
someone told me not to within 24 hours.

On Friday afternoon (the 29th), 24 hours later, noone had told me not
to.  I think this was because noone was making the decision either
way.  I posted again, saying I would do it in an hour's time.  Again,
no response, I so went ahead.

Between those of my messages on Thursday and Friday I read Bruce's
posting handing the decision to Brian and Brian's posting saying that
he felt we should go with 3.1.2.  I was greatly alarmed, thinking that
as things were going we would release with the status quo, and posted
the intemperate message that you'll recall.

In summary:

It seems to me that everyone except Brian was in favour of shipping
3.2, and that even Brian was willing to concede the point, but that
noone felt able to make a conclusive decision to act.

In particular, it seems to me at least from the messages I recall
reading that Brian gave Bruce the opportunity to make the decision to
put 3.2 into 1.2, but I also recall Bruce asking Brian for permission
to do so !

Perhaps I should have mailed Bruce and asked him to tell Brian to go
for 3.2 ?  Instead I chose to announce my intention to do something
unless I was told not to, and then, since noone did, carried it out.

So: apart from my unreasonable and alarming/alarmed posting on Friday,
do people still think I acted out of order ?

I'm not sure I have an opinion on how we can prevent this kind of
problem arising again.

Ian.


--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com