Hi, On 10/13/19 10:02 PM, Robie Basak wrote: > On Sun, Oct 13, 2019 at 05:23:40PM +0200, Birger Schacht wrote: >> Robie, could you please point out the part of the Debian policy that >> this package is violating? > > I cannot. I believe that this issue is such a clear violation of > Debian's philosophy that it has never been necessary to document it > formally as policy.
Thanks for the clarification! > > However you seem to have missed out the latter part of the definition of > "serious" in your quote. Here's the full definition: > > serious is a severe violation of Debian policy (roughly, it > violates a "must" or "required" directive), or, in the package > maintainer's or release manager's opinion, makes the package > unsuitable for release. I haven't missed out the part about the "package maintainers or the release manager's opinion", but I didn't consider it relevant to this bug report because its neither nor is setting this level of seriousness. > I think it's quite clear that this issue makes the package unsuitable > for release. If the package maintainer disagrees and thinks that it's OK > to release Debian with this bug outstanding, they may change it. > > Are you suggesting that "serious" is not justified? Nobody seems to have > doubted that so far. If the package maintainer wants to reduce the > severity of this bug by relying on policy not mentioning this type of > matter, then I'm fairly confident that this will result in policy being > amended in the end anyway. The problem is that the package will be removed from unstable in a couple of days because of this bug report. 3 month is sometimes not that much time to fix a bug or even comment on a bug report. And the release of bullseye is not even in sight. I or someone else could do an NMU, but the package will be removed from the archive before that can happen. cheers, Birger PS: please don't mistake me asking for clarification as a sign that I don't consider this being a privacy leak, on the contrary.
