Hi Bas, * Bas Wijnen <[EMAIL PROTECTED]> [2008-04-24 23:34]: > We (Bas Wijnen, Lucas Nussbaum) worked on a Debian Enhancement > Proposal[0] on the policies and workflows for Non Maintainer Uploads > (NMUs). > > The main purpose of the proposal is: > * to explicitely allow fixing bugs of severity lower than important in > NMUs. > * to encourage the use of the DELAYED queue. > * to try to encourage a responsible approach for NMUs, instead of an > approach based on strict rules. [...] What about introducing a special case regarding the waiting period before uploading an NMU for security bugs? There are often cases in which we already have a patch handy to fix a security issue but still wait a few days on the maintainers reaction.
The 0-day NMU rules at the moment are already helpful here but I also consider 7 days of waiting period as unacceptable for security fixes and not all maintainers are on the Low-Treshold-NMU list. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpr87Du1bXyX.pgp
Description: PGP signature