On 2013-05-10 7:00, Thomas Goirand wrote:
On Fri May 10 2013 01:25:04 PM CST, Adam D. Barratt
<[email protected]> wrote:
On Fri, 2013-05-10 at 13:19 +0800, Thomas Goirand wrote:
> On Fri May 10 2013 01:05:55 PM CST, Adam D. Barratt
> <[email protected]> wrote:
> > Was this upload discussed with anyone on the release team
beforehand?
>
> With the release team no, with the security team,
> yes (with Luciano).
The security team aren't responsible for the management of
proposed-updates; they can tell you that they're not planning on
handling an issue via a DSA, but that just means that you should
follow
the usual procedure for a stable update.
Thanks for your very fast reply.
Hum... I am confused now...
It would appear so, yes. :(
In the past, I have uploaded some security updates
through stable-proposed-updates. Are you saying
that this is the wrong thing to do?
If the security team have indicated that they don't plan on issuing a
DSA to cover an issue and you've discussed it with the release team and
had the upload acked, it's entirely the right thing to do.
If so, you
should IMO discuss that with the security team,
I'm fairly sure the security team are quite clear on the procedure here
(although it might be helpful if when asking people to go via p-u rather
than security they emphasised that this is not an okay to upload to
p-u).
as it seemed to me that this was part of the procedure
so that they could check for the upload before
moving it to security.d.o.
No. Packages _do not_ move from p-u to security.
When packages are issued via security.d.o they are later copied to p-u.
There is no movement in the order direction. If the security team want
to check things they'll ask for diffs or ask you to upload to
security.d.o.
I do beleive that a DSA
is planned (and if it not, then we should).
The issue is marked in the security tracker as "no-dsa", which
certainly indicates one isn't planned.
Regards,
Adam
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive:
http://lists.debian.org/[email protected]
