Hi Shengjing, On 23-06-2019 13:59, Shengjing Zhu wrote: > On Sun, Jun 23, 2019 at 12:09:13PM +0200, Paul Gevers wrote: >> Technically, you're already too late, the package will only be 2 of 5 >> days old on Tuesday 13:00 UTC. But I have much worse concerns, see below. >> > > It's all up to the release team's decision, right?
Very well said. I appreciate it that you realize that. >>> + * Non-maintainer upload. >> >> This I worries me. "Apparently" Arnaud didn't consider it appropriate to > > There's nothing wrong in the procedure. Fixing RC bug and no maintainer > activity on the bug for 7 days, it's 0 day. Oh, sure, I wasn't really talking about procedures here, but I see how you could read my comment like that. I worry about making the right decision. For docker.io, with the security team worries and the standing golang situation, an upload (or at least a full ACK) from the maintainers is very welcome for the possibility of an exception. > I have CCed the maintainers, and "apparently" there's no disagreement > afterwards. Sorry, not good enough for me in this case. >> On top of that, I worry quite a bit that by disabling that test in the >> upstream patch, you are hiding a real problem. If it is possible from >> within the docker container to crash the host, that's a severe issue. >> Can you take away my worries? >> > > All code could have bug, it includes the test code. If you find a > serious bug for this version, please file a bug, then it could prevent > docker.io to migrate. Oh, much simpler. If I won't let it migrate, I'll actively remove it from buster. > But FTR again, I didn't blindly upload the patch. I do test, like running > the result binary, and the affected command. And more importantly, the > newly added code, didn't break any existing test cases. Ack, but still not good enough. I noted Sam's effort, but it doesn't comfort me enough to give an exception for docker.io. For the record, I'm very much inclined to remove docker.io from buster tomorrow. Paul
signature.asc
Description: OpenPGP digital signature