The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: how did this happen?



> > Since becoming a "release candidate", every package I allowed into
> > the distribution was approved by the testing group before hand.  I
> > have allowed no packages in at all for a week.
> 
> I guess one week was enough.  We probably had two different interpretations
> of what a release candidate was - what I would call a release candidate
> would be what existed, after the last minute revisions were added.  The
> only probably I had was that announcement about a "release candidate"
> happened, and then it was modified.  Perhaps that phase should have been
> called something else.  It's probably just the choice of language,
> but it is resulting in lots of mis-communication.

What I was originally going to do was make a "release candidate" on
Monday and let it sit for a week.  Packages fixes that came in and got
approved I was going to put in the following Sunday and announce another
release candidate the next day.  This would continue until there were
no more fixes to go in.

Instead, I put things in immediately because they were either tiny changes
or important changes that could use as much testing as possible.  Perhaps
I should have stuck to my original idea.


> > > I noticed that there was new stuff in bo, even this morning.
> > >
> > > Got bo/binary-all/doc/lg-issue17_1-1.deb 442332
> > > Got bo/binary-all/doc/lg-issue16_1-3.deb 275546
> > > Got bo/binary-all/devel/automake_1.0-4.deb 151504
> > > Got bo/binary-all/devel/kernel-headers-2.0.30_2.0.30-7.deb 712256
> > > Got bo/binary-all/devel/kernel-headers-2.0.29_2.0.29-7.deb 699938
> >
> > I'm not sure how these got installed, but I did _not_ approve them!  Guy?
> >
> > Looking at them, though, the only potential problem I can see is automake.
> > The first two are documentation only and the last two are probably only
> > minor packaging changes.
> >
> > You're correct though in that there is _no_way_ these should have been
> > let into the distribution when the mirrors are trying to catch up and
> > people are trying to form CD images.
> >
> >                                           Brian
> 
> I noticed that people aren't respecting each other's "turf".  Guy was
> waiting for your word or Bruce's (I think), partly because he was unsure
> about the unresolved security issues, and other things.  That's really
> Bruce's call, since he's the leader.  Bruce had already made the
> release announcement, didn't respond to Guy's inquiry on this list,
> and then, two days later, the symlink hadn't been changed, so he did
> it himself.

Most of the package installation is automated.  I get a list of packages
that need to be confirmed to frozen.  If I want to install it, I go to
master and install it manually.


> In the meantime, Dale did a great job testing the base system, but he
> didn't test X.  And there was a last minute security glitch affected
> the largest, ugliest package of them all (XFree86) - so Marc really
> had his hands full and couldn't possibly be expected to test even
> possible permutation of it.

This isn't exactly fair.  X was tested quite well, but something slipped
through.  It's to be expected.  Dale and his team did a great job overall,
especially considering the limited resources they have.

                                          Brian
                                 ( bcwhite@verisim.com )

-------------------------------------------------------------------------------
 Generated by Signify v1.02.  For this and more, visit http://www.verisim.com/



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .