The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: History of X-War (was: Goodbye, all!)

(Forgive any typos/thinkos -- I've been programming for 18 hours, now.)


Good summary.  Just a few small points.


> I _do_ think, though, that I was justified with respect to moving 3.2
> into frozen as I did yesterday - particularly since I had announced my
> intention to do so in a reasonable message on Thursday.

I believe in order and a reasonable hierachy of command.  You didn't
just step outside of that hierachy, but stepped over the project
leader.  I don't think this is an acceptable course of action.  Imagine
if I had felt the same and moved those files back out of frozen.


> There then followed another discussion.  I, Marek, Bruce, Stuart
> Lamble and Jim Pick argued in favour of putting 3.2 into 1.2.  Brian
> White was alone (AFAICT) in arguing that we should leave the bug in.

There were a few other people who also spoke up against slipping the
release.  Those posts came near the peak of the discussion.  One
stated that if we slipped into the new year, he would be forced
to convert part of a small network from Debian to RedHat.


> More discussion followed as to whether slipping or releasing with the
> hole was worse.  It seemed to me that there was a strong feeling that
> the security hole was worse.

Again, there were a couple posts (besides mine :-) voting the other
way.  I also felt that "users" would be less concerned with the hole
than "developers" and the latter usually use "unstable", anyway.


> Following this, and seeing the apparent lack of progress, I posted on
> Thursday afternoon (UK time) that I would move 3.2 into frozen unless
> someone told me not to within 24 hours.
> 
> On Friday afternoon (the 29th), 24 hours later, noone had told me not
> to.  I think this was because noone was making the decision either
> way.  I posted again, saying I would do it in an hour's time.  Again,
> no response, I so went ahead.

I thought of replying but didn't figuring the conversation between
Bruce and myself would be sufficient.  Also, as I was working nights
for those two days, I didn't get the one-hour warning until 5 hours
too late.  Bruce was also at Thanksgiving dinner with his family for
part of it.  (Shame on him for taking time away from The Cause! :-)


> Between those of my messages on Thursday and Friday I read Bruce's
> posting handing the decision to Brian and Brian's posting saying that
> he felt we should go with 3.1.2.  I was greatly alarmed, thinking that
> as things were going we would release with the status quo, and posted
> the intemperate message that you'll recall.

The days may not be correct, but I think it was something like this:

  Wednesday: Bruce tells me that he is instituting policy that Debian
             will not ship with a security hole, ever.  I draft up
             a new release schedule that also addresses other concerns
             brought up (shadow passwords, installation problems, base
             disk testing, and lack of "formal beta").  Time: 2 months

  Thusday:   Bruce announces base disks have been uploaded and install
             problems will be addressed by the next day.  Bruce tells
             me he will abide by my decision.  I say ship with X3.1,
             include X3.2 outside the distribution on the CD, and
             announce the security hole, who it can affect, and how to
             upgrade (include reasons why it isn't integrated into the
             distribution).

  Friday:    Ian moves X3.2 into rex.  Bruce decides that rex must ship
             with X3.2 and asks for my resignation as "Distribution
             Manager".  I resign my position.



> Perhaps I should have mailed Bruce and asked him to tell Brian to go
> for 3.2 ?  Instead I chose to announce my intention to do something
> unless I was told not to, and then, since noone did, carried it out.

Originally, Bruce said he would put X3.2 on the CD elsewhere for
people to install.  As far as I knew, that basically solved the
problems.  Since I wasn't following the discussions of X3.2 (trying
to keep up with problems in "frozen"), I wan't even really aware
of the security bug until this last week.


> So: apart from my unreasonable and alarming/alarmed posting on Friday,
> do people still think I acted out of order ?

Yes.  My mind is a little stuffy, but I think "The ends don't justify
the means" is the proper quote.


> I'm not sure I have an opinion on how we can prevent this kind of
> problem arising again.

Mistakes happen.  Sometimes changes need to be made.  It is, however,
usually better to continue on a given track that to stop completely
and try to make another decision.  Indecision is far worse than a
wrong decision.  Even wrong decisions have their "up" sides.  With
indecision, though, you usually get the worst of all worlds.
                                             
                                          Brian
                                 ( bcwhite@verisim.com )
                                             
-------------------------------------------------------------------------------
  Want to get it together?  We can help!  http://www.verisim.com/coordinator/


--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com