On 2008-12-25 20:07 +0100, Marc Shapiro wrote: > Every now and then I take a look at the Release-critical bugs status > page and I have a question. Since the release of Etch, in addition to > showing bug counts for the 'next stable release' and total counts they > have also displayed a line for the current release. This has, for the > past year, shown more release critical bugs for Etch than for Lenny. > > What does this really mean? Obviously, Etch *has* been released. > Apparently it has many release critical bugs. Are these bugs that > have been found since Etch's release that would have been considered > release critical if they had been found before its release?
Yes, in the majority of cases. But there are probably a good number of false positives. One common pattern is the following: RC bug #nnnnnn is reported against package foo in version x.y.z (which may or may not be in stable). Then somebody (often the maintainer of foo) finds out the bug is in package bar instead and sends mail to cont...@bugs.debian.org: reassign nnnnnn bar with the result that the bug has no version information anymore, and the BTS assumes that it applies to all versions of bar, although this is often not the case. Last week I had a look at the list myself and added version or suite information to about 20 bugs where I could identify that they don't apply to Etch. In many other cases investigating whether a particular bug applies to stable would have taken considerable time, though. > If so, why have they not been corrected? The number just keeps on > going up. You might not like it, but I'm afraid the answer is: because nobody cares about them. The security team only fixes issues they find serious enough for a DSA, and low-priority security bugs like unsafe temporary file handling (an issue that has been found and fixed in many packages during the Lenny release cycle) as well as non-security RC bugs are left to the package maintainers who often feel it's not worth backporting a fix and getting approval by the Stable Release Team. It's a pity that after so many months of freezing and bugfixing the actually released software is so neglected, but that's how it is. Sven -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
