On Sat, Sep 02, 2006 at 10:31:21PM +0900, Charles Plessy wrote: > here is a summary of what happened:
> - A security update of Sarge broke programs, some being shipped in > Sarge, some being installed by the users from other sources. > - The problem was quickly reported, and a fix was made. > - Unfortunately, it was not released during aproximately two months. > - A user complained on -devel. > - It was realised by the appropriate persons that the fix was forgetten > for two months. Incorrect. a) the bug was never forgotten; b) the longest delay in my discussion with the security team was around 3 weeks, which regardless of whether this should be acceptable is != 2 months. > People who tried to report through the bts that the bug was not fixed > were replied that it was, as they sent bugs to the package, not on the > security.debian.org pseudopackage. No they were not. > Did the user who complained on -devel stay silent, it is possible that > the fix would still wait to be released. I think that it is unfair to > criticize him for having reported the problem as it appears that this is > what solved the problem for real at the user level. No, it was not. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
