On Sunday 27 July 2008, Joey Hess wrote: > I'm sorry that this is late, but the announcement has a rather > disturbing number of problems.
There's also an issue with the D-I section. The fact that ssh was used with network-console was the reason why d-i needed a rebuild, but the announcement should also have mentioned that using older CDs will result in vulnerable host keys being generated when openssh-client is initially installed from CD [1] and that that is also fixed with the new release. I also feel a reference to the relevant DSA would have been appropriate. IMO with these omissions Joey's earlier suggestion [2] of a special DSA about all this does make a lot of sense. Someone else will have to take the initiative for that though. I'm sorry that I wasn't available to comment this weekend, but the info I had was (from #d-cd on Wednesday): 22:52:53 <zobel>: Sledge: planing for r4 is, that Ganneff and me are doing it after 7:52pm install run on friday. 22:53:50 > fjp: zobel: Did you add D-I stuff in you planning/ToDo list? 22:54:54 <zobel>: fjp: yes. i will contact you tomorrow evening about the text for the press release. 22:55:20 <zobel>: need to clarify a few things first. eg. who is sending out the announcement I'd already reminded Martin of the need to coordinate the announcement earlier (and it is in the SRM checklist [3]). The first actual pings I got to review the RN were on Saturday (from #d-boot): 14:39:54 <Tolimar>: fjp`: I got a first draft of the etch-and-a-half announcement ready at http://people.debian.org/~tolimar/tmp/ . Could you please have a look at it? Given that the release was planned for Friday and Martin was going to contact me on Thursday I really do not see how I should have known I should have planned on being available on Saturday and Sunday as well. As it happened I was not. Guess that's the risk when things are left until the very last minute, especially if you _know_ you need input from others. I don't know how the communication between RT and d-publicity has been, so I also don't know if/how things could have been started up sooner. From my PoV it's primarily the job of the RT to make sure things get started up early enough to allow for needed coordination/reviews/translation. Cheers, FJP [1] If a security mirror is used this will almost immediately fixed, but still. [2] http://bugs.debian.org/491263#29 [3] http://wiki.debian.org/Teams/ReleaseManager/PointReleaseCheckList
signature.asc
Description: This is a digitally signed message part.
