Jeroen van Wolffelaar a écrit :
This is related to some infrastructure change w.r.t. stable releases --
they end up in a queue to be approved now, very much like "NEW".
Announcements should be sent when they are approved (or rejected) from
this queue, something that hasn't happened recently (yet).
Thanks for the explanation.
Like that an upload to NEW isn't announced to a mailinglist, I think
these uploads shouldn't either, only once they are accepted or rejected.
It can be argued that it'd be neat to have a notification upon entering
the queue to a mailinglist, but then I think the same should happen for
NEW.
I wasn't aware that there was such a queue, but I don't think that
changes what should happen when fixes reach stable security updates. An
upload which stops by NEW could very well never enter any suite. In the
case of uploads we're discussing, they may not reach proper stable, but
they are already in stable-security. If someone asks me which version of
foo is in stable and foo had a DSA since the latest point release, I
will naturally answer that it's the version in stable-security. So I
think it's reasonable to say that a vulnerability not present in
testing/unstable/oldstable, which is fixed in stable security updates
but not yet in a point release, is fixed in stable. Anyway, now that we
have BTS version tracking, I think it's clear that the bugs should be
closed when they enter stable security updates.
If you disagree, you could explain how closing the bug with
version-tracking would be a problem.
