Hi, > (copying the thread to debian-devel, where mass-bug-fills *has to* be > discussed, not d-qa)
As such I would suggest completely moving this thread over to d-devel and dropping d-qa from subsequent mails. [...] > > If I don't see any solution emerging in a reasonable time frame, my next > > step would be a more-or-less mass filing against all those packages that > > some rough analysis suggests are affected by either the vulnerability > > or the regression so that their maintainers can take measures to work > > around the problem if they want to. > > So, instead of fixing logrotate in stable (did you contact release > team to ask if a NMU is possible?), so just one package, you preferred > to file 32 bugs[1] for all the affected packages? also with phrases > like "I don't remember how I made the tests, or if the bugs are still > there, but trust me there's a problem" it's kinda upsetting and/or > unprofessional. Would you mind pointing out where I wrote this particular sentence or alternatively retracting that quote? Thanks. Also, apparently I haven't stated this with sufficient clarity yet: I have been trying to get logrotate fixed for over four years now by supplying patches, being responsive to the maintainer, notifying the security team of the issue, trying to get a discussion started on d-qa, all with very limited success. So much for upsetting and unprofessional. Also: No, I didn't. I'm sorry if I didn't find the right way to do things in debian's bureaucracy, but I am not a debian developer and I tried to be careful--and at least logrotate's maintainer obviously knew what I was up to, plus anyone on d-qa who read my mail there also could have pointed me in the right direction, so I won't take the blame for that. > If you really care about this problem, which is nice, try to get > logrotate fixed. Would you mind explaining how to go about that? Florian -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101211010127.ge3...@florz.florz.dyndns.org
