The purpose of this email is to set forth the reasons for raising the
severity of this bug
and describe my intentions.

1) I intend to increase the severity to release critical.

The Debian document regarding severity states:

critical makes unrelated software on the system (or the whole system)
break, or causes serious data loss, or introduces a security hole on
systems where you install the package.


I encountered this bug when a fellow Debian user did a "apt-get
dist-upgrade" from squeeze to wheezy.
(The machine has had dist-upgrades going back as far as etch)
That machine has internet access only through a 3G modem at the site it is
located.
After the apt-get dist-upgade the machine was restarted and failed to
connect to the internet.
This made the machine completely unusable for the purposes of network
access.
Since no other forms of network access are available at that site the
machine would not have been
able to receive security updates either.
The machine was transported to a wired network site [my place :-) ] to
allow downgrading of this package
from snapshots since this bug completely prevents network access if wvdial
is used as
the only 3G dialer.
Subsequently network-manager has been installed on this machine to provide
additional 3G modem dialer support.
(Network-manager did not provide a dialer when 3G access was originally
installed on this machine).

I believe these facts constitute that this bug made unrelated software
(browser, ssh , mail etc.)
broken. Since the only network access was via this package - the completely
unavailable
network seriously compromised this machine. If left it in this state it
would also have led to
security holes accumulating.

On reading of Debian guidelines I conclude this constituted a release
critical bug for this machine.

2) Subject to my ability to gain access to hardware which I do not own, I
intend to test the fedora patch
and make it available on BTS followed by preparing for a NMU to be made
available on Debian QA mailing list.
The package has been abandoned upstream (homepage links are now
non-existent).
It is also orphaned in Debian. My intention is only to prevent users
upgrading to wheezy getting a "surprise".
I urge other users reading this to move to network-manager if possible
before a dist-upgrade
since network-manager appears better supported.

I apologize for my intention not to assist in subsequent maintaining of
this package after working on this bug.
My decision is significantly influenced by the pejorative comments made
about this software by one
of the original authors at the following URL:-
http://apenwarr.ca/log/?m=200912

with best regards,
Peter

Reply via email to