Guillaume Rousse wrote: > So, before any further contribution from my side, I'd like the people in > charge of security updates to find some internal agreement about what > kind of help they expect from other people exactly. If that's just to > push a non-discussable list of changes into spec files, they could as > well ask for SVN commit and package submission rights, to do it > directly. This would avoid a large amount of anger and frustration for > everyone.
Nobody is in charge, which is part of the problem. I think a lot of us packagers come from Mandriva where we were used to Oden being in charge of updates for stable distros, and therefore not having to worry about it. We are a community distro, we have no paid security manager. It is all of our responsibility to do security updates for stable distros. As far as what kind of help is expected, it varies per bug really. Some of them have maintainers that might want to give input. Some I would like to know from someone else more experienced or who has more at stake in a package how to handle an update when there are choices. Sometimes other distros have pushed an updated (bugfix-only) version, or patched other bugs as well, rather than just patched the security bug. Based on my descriptions in my e-mail and comments in the bugs, you can see some of those that I'd just like some advice. Others are more complicated or packages that I don't know anything about. Bottom line is, the ones I've asked about, there's some reason I haven't just done it myself. Any help you can offer is appreciated. If you want clarification on any particular one what I need, please just ask me.
