The debian-private mailing list leak, part 1.


Re: how did this happen?



> Since becoming a "release candidate", every package I allowed into
> the distribution was approved by the testing group beforehand.  I
> have allowed no packages in at all for a week.

I guess one week was enough.  We probably had two different interpretations
of what a release candidate was - what I would call a release candidate
would be what existed, after the last minute revisions were added.  The
only problem I had was that announcement about a "release candidate"
happened, and then it was modified.  Perhaps that phase should have been
called something else.  It's probably just the choice of language,
but it is resulting in lots of mis-communication.

Next time around, let's break testing into the following phases:

 - Bugfix Phase (approx. 3 weeks)
    - no enhancements, but bug fixes will be allowed (basically
      what we called "frozen" this time around)
 - QA Team Approval Phase (approx. 2 weeks)
    - no packages will be installed into frozen, unless the QA
      team approves
 - Release Candidate Phase (approx. 1 week)
    - no packages will be installed by anyone
    - if a critical bug fix is found, the testing for this
      phase must be restarted
    - widely announce, and encourage testers to register
    - have a single point person for bug reports
 - Release

The transition dates for each phase must be announced several days in
advance to give developers enough notice.  And if the dates must be
postponed, it should be publicly announced, and the date should be
reset.

We basically did all these things this time around, but the communication
was really, really bad.

> > I noticed that there was new stuff in bo, even this morning.
> > 
> > Got bo/binary-all/doc/lg-issue17_1-1.deb 442332
> > Got bo/binary-all/doc/lg-issue16_1-3.deb 275546
> > Got bo/binary-all/devel/automake_1.0-4.deb 151504
> > Got bo/binary-all/devel/kernel-headers-2.0.30_2.0.30-7.deb 712256
> > Got bo/binary-all/devel/kernel-headers-2.0.29_2.0.29-7.deb 699938
> 
> I'm not sure how these got installed, but I did _not_ approve them!  Guy?
> 
> Looking at them, though, the only potential problem I can see is automake.
> The first two are documentation only and the last two are probably only
> minor packaging changes.
> 
> You're correct though in that there is _no_way_ these should have been
> let into the distribution when the mirrors are trying to catch up and
> people are trying to form CD images.
> 
>                                           Brian

I noticed that people aren't respecting each other's "turf".  Guy was
waiting for your word or Bruce's (I think), partly because he was unsure 
about the unresolved security issues, and other things.  That's really
Bruce's call, since he's the leader.  Bruce had already made the 
release announcement, didn't respond to Guy's inquiry on this list,
and then, two days later, the symlink hadn't been changed, so he did
it himself.

In the meantime, Dale did a great job testing the base system, but he
didn't test X.  And there was a last minute security glitch that affected
the largest, ugliest package of them all (XFree86) - so Marc really
had his hands full and couldn't possibly be expected to test every
possible permutation of it.

All the X files were installed May 15th, so I don't know why more people
didn't encounter the xdm bug.  Quite probably, very few people had
enough confidence in it to do a full clean install.  Most of the
people who were using frozen probably upgraded to it, so were
unaffected.

Let's not see any finger pointing.  I think everyone did a great job,
but complexity won this time around.

Cheers,

 - Jim






