Hi Philipp,

On 17.02.2012 22:12 Philipp Kern wrote:
> On Mon, Feb 13, 2012 at 11:04:05PM +0100, [email protected] wrote:
>> For what it's worth, I first reported this in July 2007 and repeatedly
>> since then, to various contacts, also including other issues. See also
>> rt.debian.org ticket #151. I do know Debian is all volunteer run. Still,
>> also because of the good work the security teams are doing,
>> I had hoped for a better responsiveness (this is 4,5 years now) to such
>> issues.
>
> I think it's no secret that we were low on manpower back then. It never
> landed on my desk since I joined that part of the project in 2009.

thanks for providing this explanation. This may mean that other people who were trying to report such issues had similar experiences to mine, and that, if the manpower situation is less problematic now, it may be worth searching the web or other available resources (such as RT) for similar reports which were insufficiently handled during this time (and may still apply now).

> Also you said in your mail that you "just" came across this issue.

That's right. When I said this I did not remember that I had previously reported it (I remembered this only after sending this year's first e-mail on this topic), since I had given up on finding anyone who feels responsible back in 2008.

> RT #151 is secret, so I can't even access it. You could've just
> reported a bug about it publicly. (But then I acknowledge that
> there probably wasn't an appropriate pseudo-package back then, apart
> from the web one maybe.)

Here's the full list of e-mail addresses who got a copy of this report since Aug 2007:

  rmurray[at]debian.org
  jeroen[at]wolffelaar.nl
  admin[at]rt.debian.org
  security[at]debian.org
  ftpmaster[at]ftp-master.debian.org
  owner[at]bugs.debian.org
  debian-www[at]lists.debian.org

Also, I did publish it over here in November 2008:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504608

The intention of this e-mail is not to blame anyone, but to point out that there may be (or may have been) a lack of a process which is capable of handling such reports and ensuring that all of the following takes place:

* someone who is both able to and interested in maintaining the public facing software installation and reacts to bug reports responsibly (and thus in a timely fashion) exists
* someone who is both able to and interested in maintaining the software and reacts to bug reports responsibly (and thus in a timely fashion) exists
* such reports end up with both these roles, and both of them communicate with each other to ensure that after the software is fixed, the fix is rolled out to all installations

Apparently this is less of a concern (or even none) now, at least in the case of buildd bugs, which I am glad to recognize.

Moritz
