Bug#458628: dput.cf misses important security queue warnings
On 2008-01-28 14:31:41.00 Thijs Kinkhorst [EMAIL PROTECTED] wrote: Will do on the weekend. Do you think it suffices to put it in the config file or is it necessary to ask the user? Do you think you can get around to uploading this soon? Thanks! Indeed. Also, I'm thinking of adding a prompting pre-upload-script instead of just a comment. People who routinely upload to the security queues could just take it out, but on first/occasional use you get to confirm a big, fat warning. That is, if you like that better than just a comment in the config file. Kind regards T. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#458628: dput.cf misses important security queue warnings
Hi Thomas, On Mon, January 28, 2008 15:09, Thomas Viehmann wrote: Also, I'm thinking of adding a prompting pre-upload-script instead of just a comment. People who routinely upload to the security queues could just take it out, but on first/occasional use you get to confirm a big, fat warning. That is, if you like that better than just a comment in the config file. If that is easy to implement that would be good, however, I prefer to have the warning in sooner rather than having to wait a longer time for this feature to be completed... thanks! Thijs
Bug#458628: dput.cf misses important security queue warnings
Hi Thomas, Will do on the weekend. Do you think it suffices to put it in the config file or is it necessary to ask the user? Do you think you can get around to uploading this soon? Thanks! Thijs
Bug#458628: dput.cf misses important security queue warnings
On Thursday 3 January 2008 00:11, Thomas Viehmann wrote: Thijs Kinkhorst wrote: I see you added a security-master config snippet to dput, which is a good idea. However, it's there without any further comments or notes. er, right. Everyone knows the deverloper's reference so no one would upload without consulting [EMAIL PROTECTED], right? Right :-) Or even better: people think they know ;-) Do NOT upload a package to the security upload queues without prior authorization from the security team. See the following URL for instructions: http://www.debian.org/doc/developers-reference/ch-pkgs#s-bug-security; It would be very much appreciated if you would make a quick upload with this information added. Will do on the weekend. Do you think it suffices to put it in the config file or is it necessary to ask the user? Thanks. Config file would be good enough for me. We can deal with the occasional mistake but I'd rather prevent it when that's not too difficult. Thijs pgpGckj3xLGSx.pgp Description: PGP signature
Bug#458628: dput.cf misses important security queue warnings
Package: dput Version: 0.9.2.29 Hi, I see you added a security-master config snippet to dput, which is a good idea. However, it's there without any further comments or notes. You may have seen that the section of the Developer's Reference is elaborate on the topic of security uploads and also advises not to upload anything without security team approval: http://www.debian.org/doc/developers-reference/ch-pkgs#s-bug-security That is of course based on past experience: the rules for security updates are strict so an inappropriate change is easily made, and having to reject uploads is cumbersome for the team. I think it's important to repeat the same warning that precedes the location of the security queue in the devref also in dput's config file: Do NOT upload a package to the security upload queues without prior authorization from the security team. See the following URL for instructions: http://www.debian.org/doc/developers-reference/ch-pkgs#s-bug-security; It would be very much appreciated if you would make a quick upload with this information added. thanks, Thijs pgpi0DLbyzOds.pgp Description: PGP signature
Bug#458628: dput.cf misses important security queue warnings
Hi Thijs, thanks for the bug! Thijs Kinkhorst wrote: I see you added a security-master config snippet to dput, which is a good idea. However, it's there without any further comments or notes. er, right. Everyone knows the deverloper's reference so no one would upload without consulting [EMAIL PROTECTED], right? Do NOT upload a package to the security upload queues without prior authorization from the security team. See the following URL for instructions: http://www.debian.org/doc/developers-reference/ch-pkgs#s-bug-security; It would be very much appreciated if you would make a quick upload with this information added. Will do on the weekend. Do you think it suffices to put it in the config file or is it necessary to ask the user? Kind regards T. -- Thomas Viehmann, http://thomas.viehmann.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]