Re: (when?) do we (still) contact maintainers?
Hi Antoine It is my fault that python developers were not contacted. I added the package to dla-needed.txt yesterday (or possibly the day before) and planned to contact the maintainers. But before I had the chance to do so the package was already fixed and then it did not feel appropriate to contact the maintainer. I should have sent the email the same day and not wait until another day. On the other hand, we have mixed feedback from maintainers. Some wants to be contacted. Some other do not want to be contacted. Some other want to be contacted, but just the people in "Maintainers:" field and not the "Uploaders:". (This turned out to be a rather tricky thing) Tricky this. I think I agree with you that we should change the process, but we should discuss it first as you say. Best regards // Ola On Thu, 7 Feb 2019 at 18:35, Antoine Beaupré wrote: > On 2019-02-07 18:32:39, Markus Koschany wrote: > > Please do not CC me. I am subscribed. > > > > Am 07.02.19 um 18:23 schrieb Antoine Beaupré: > > [...] > >> Well, I don't think we should make such calls without announcing it and > >> documenting the new workflow clearly, first off. > >> > >> Second, I think I mostly agree with you, but we need to be certain we > >> won't upset other people's workflow, and this should be discussed. > > > > How does my decision to not contact a maintainer interrupt your > > workflow? You can still contact the maintainer before you start to work > > on a package. > > I meant the debian package maintainers, not mine. > > A. > > -- > In a world where Henry Kissinger wins the Nobel Peace Prize, > there is no need for satire. > - Tom Lehrer > > -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comFolkebogatan 26\ | o...@debian.org 654 68 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---
Re: (when?) do we (still) contact maintainers?
On 2019-02-07 18:32:39, Markus Koschany wrote: > Please do not CC me. I am subscribed. > > Am 07.02.19 um 18:23 schrieb Antoine Beaupré: > [...] >> Well, I don't think we should make such calls without announcing it and >> documenting the new workflow clearly, first off. >> >> Second, I think I mostly agree with you, but we need to be certain we >> won't upset other people's workflow, and this should be discussed. > > How does my decision to not contact a maintainer interrupt your > workflow? You can still contact the maintainer before you start to work > on a package. I meant the debian package maintainers, not mine. A. -- In a world where Henry Kissinger wins the Nobel Peace Prize, there is no need for satire. - Tom Lehrer
Re: (when?) do we (still) contact maintainers?
Please do not CC me. I am subscribed. Am 07.02.19 um 18:23 schrieb Antoine Beaupré: [...] > Well, I don't think we should make such calls without announcing it and > documenting the new workflow clearly, first off. > > Second, I think I mostly agree with you, but we need to be certain we > won't upset other people's workflow, and this should be discussed. How does my decision to not contact a maintainer interrupt your workflow? You can still contact the maintainer before you start to work on a package. signature.asc Description: OpenPGP digital signature
Re: (when?) do we (still) contact maintainers?
On 2019-02-07 17:58:48, Markus Koschany wrote: > Hello, > > Am 07.02.19 um 17:32 schrieb Antoine Beaupré: > [...] >> Am I missing something here? Did we change this practice, or is this an >> oversight? > > I have been part of the team for three years now, from my experience > almost all people are very happy when someone else fixes bugs in > oldstable. Most of the time we get either no response at all or someone > tells us to just go ahead. Since we have now the capacity to handle all > those issues all by ourselves, I don't find it no longer necessary to > contact every maintainer beforehand. Instead I decide on a case-by-case > basis. I would rather change the current recommendation and the > do-not-call list to a list of maintainers who want to be contacted first > before we work on their packages or have always prepared updates > themselves (e.g. postresql). This list will be quite short. Well, I don't think we should make such calls without announcing it and documenting the new workflow clearly, first off. Second, I think I mostly agree with you, but we need to be certain we won't upset other people's workflow, and this should be discussed. A. -- Tout ce qui n’est pas donné est perdu. - Proverbe indien
Re: (when?) do we (still) contact maintainers?
Hello, Am 07.02.19 um 17:32 schrieb Antoine Beaupré: [...] > Am I missing something here? Did we change this practice, or is this an > oversight? I have been part of the team for three years now, from my experience almost all people are very happy when someone else fixes bugs in oldstable. Most of the time we get either no response at all or someone tells us to just go ahead. Since we have now the capacity to handle all those issues all by ourselves, I don't find it no longer necessary to contact every maintainer beforehand. Instead I decide on a case-by-case basis. I would rather change the current recommendation and the do-not-call list to a list of maintainers who want to be contacted first before we work on their packages or have always prepared updates themselves (e.g. postresql). This list will be quite short. Markus signature.asc Description: OpenPGP digital signature
(when?) do we (still) contact maintainers?
Hi, I was under the impression that we were supposed to contact maintainers when we add packages to dla-needed.txt, as part of the triage work. That is, at least, the method documented here: https://wiki.debian.org/LTS/Development#Triage_new_security_issues Confident that people doing the triage would do so, I have stopped double-checking that such work was being done but now, looking at the python-gnupg package, I noticed nothing was sent out to the maintainer, at least not with this list in CC. The maintainer and package are not in data/packages/lts-do-not-call.txt so I think they should have been contacted first. Am I missing something here? Did we change this practice, or is this an oversight? A. -- Arguing for surveillance because you have nothing to hide is no different than making the claim, "I don't care about freedom of speech because I have nothing to say." - Edward Snowden signature.asc Description: PGP signature