Hi Niels, Niels Thykier wrote: > Jonathan Nieder:
>> With severity=high, a security fix then takes two more days before it >> hits testing. Is there a way to expedite it? My experience with >> https://bugs.debian.org/871823 was "no". [...] > The 2 days are measured from the first time the package has been made > available by dak. And then there are some corner cases in how we handle > "aging" that may slightly complicates how "2 days" are defined here. > > It is *technically possible* to expedite an upload to migrate faster > than "2 days" (including omitting the delay entirely). However, at the > moment a signifiant part of our QA relies on the delay to catch > (obvious) mistakes. As such, we generally reserve such exemptions to > the aging for "very urgent" issues[1]. Thanks. That helps. Git appears to have been blocked today by https://alioth-lists.debian.net/pipermail/piuparts-devel/2018-May/007797.html. Would an "urgent" hint have prevented that? I would like to see the update in unstable to protect users. For example, see [2]. I don't think most users of testing realize that they also need to include stable-backports in sources.list to get security fixes. That said, by the time you read this message it's likely that it will have auto-migrated. :) > I am hoping we will eventually get to a point where the automated QA > tests provided to the testing migration decision can replace the > arbitrary delay we currently use to enable manual testing. Though I > doubt we are ready to do that any time soon. For next time, if I have done sufficient testing (manual piuparts run, having internal users use it in daily life, etc) privately during the embargo period, should I file a bug against the release.debian.org to make an "urgent" hint when the embargo expires? Thanks, Jonathan > [1] Deployed as an "urgent"-hint in britney: > > https://release.debian.org/doc/britney/hints.html#urgent-action-list [2] https://blog.npmjs.org/post/174411769410/how-npm-is-affected-by-the-recently-disclosed-git.
