Hi, On Tue, Apr 23, 2024 at 10:27:15PM +0100, Samuel Henrique wrote: > So the question is, does the release team consider it ok to push > proposed-updates without having to go through the package maintainer (given we > follow the regular process for p-u uploads)?
Yes. We're looking for several things: * minimal changes, wherever practical * maintainer input if available * upstream input if available * testing, not just limited to the fix itself Updates in stable distributions can have consequence where you least expect them, which is why we are generally cautious. The easiest requests to say "yes" to are those where the propser has tested thoroughly and documented how they did so. > In case the release team says we have to reach out to the maintainer, would it > be possible to provide some rough guidelines? For example: "cc'ing the > maintainer on the release.d.o p-u bug report is all that's needed", or "open > up > a bug against the package indicating your intention to do a p-u upload". "Reasonable efforts". Mailing the original bug report, copying on the proposed update bug and waiting a few days to a couple of weeks is reasonable. > Would the answer be the same for any type of p-u upload? I assume a no-dsa CVE > fix and a regular bug fix would fall into the same bucket (that's why I've > made > the email subject generic). Yes. Thanks, -- Jonathan Wiltshire [email protected] Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
