On Mon, Oct 17, 2005 at 01:09:17AM -0200, Henrique de Moraes Holschuh wrote: > On Sun, 16 Oct 2005, Steve Langasek wrote: > > Why are you telling maintainers that you are going to NMU for the openssl > > transition? Such NMUs have not been discussed with either the release team
> Well, I am not telling maintainer*s*, so far I just filed a single bug > against net-snmp. Because of ld being quite clear that my system was about > to go to segfault-happy land, and warning me I was getting stuff doubly > linked against openssl 0.9.7 and 0.9.8 already (and net-snmp was the one > bringing 0.9.7 to the chain). So now the segfaults move another step down the chain, to someone else running a different application that needs net-snmp built against 0.9.7... > The openssl transition is under way, the release team was not clear on what > we were to do about it, either. I was fully expecting 0.9.8 to be removed > off the archive immediately until it was properly fixed. No such luck. The options for undoing such a thing once it's started are few, and they all suck. > The packages for 0.9.8 were not removed, we all waited for a proper fix > (versioned symbols) for a bit (thread on d-devel), none was forthcoming and > the maintainer made it clear he wouldn't do it without the blessing of > upstream or the other distros (but no status updates came about whether such > a thing was being attempted or not). Nevertheless, it has been discussed on the pkg-openssl-devel mailing list and with the release team: http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/2005-October/000056.html http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/2005-October/000064.html http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/2005-October/000097.html > 0.9.7 made it back to the archive, with no conflicts and no versioned > symbols. I filed a grave/critical bug about 0.9.8 not conflicting with all > libs built against 0.9.7... cc'ed to d-devel, even. No reply whatsoever. Except that I submitted a patch for your bug less than 24 hours after it was submitted: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333349;msg=16 And the maintainers are considering it. Sorry for not cc:ing you, but all the same, I don't really see how in the absence of versioned symbols, you would feel that one-off NMUs of packages would help the transition. > I hope my reasons for filling the bug are crystal clear, now. I really AM > sorry for disturbing the C++ transition even further, the sooner it is done, > the better. But the scenario was not exactly set up to make it easier for > such a mistake not to be made. Yes, I'm aware of that. My mail was meant to bring the full situation to your (and Jochen's) attention, to forestall any further openssl-related bugs/NMUs at this point. > May I humbly suggest that from now on, we have weekly d-d-a emails about all > ongoing transitions and naming all packages that are to be left alone (no > NMUs, no maintainer uploads without first talking to the release team) ? The problem is that it's very difficult to identify all packages affected by a transition before the transition is near the point of being ready. Telling people "this is the list of packages not to upload", when we don't know it's complete, is worse than telling people "this is the transition going on right now". Even that may not be sustainable given the number of transitions that are currently in the air for etch. :/ > Better yet, da-katie could be improved to put a source package on hold for > manual approval by the release team (after it is approved by the ftp-masters > or builtin katie policies) to enforce these transitions more smoothly. Well, that's an idea, but there are a number of other dak/britney changes that are of much higher priority... Cheers, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/
signature.asc
Description: Digital signature
