----- Original message -----
> On Wed, Sep 14, 2011 at 11:30:08AM +0800, Thomas Goirand wrote:
> By definition, if you asked for the removal of 0.30.0 from squeeze
> because it was unsuitable for release, it was buggy in a
> release-critical way.   That the release-critical bugs lasted into the
> depths of the Debian release freeze to the point that the only available
> option was removal certainly qualifies as "persistent" in my book.

This isn't what happened. I asked for removal not
because it was unsuitable for release, but because
the release team refused to unblock version 0.32,
and because I had no time to work on testing
version 0.30. The main issue was that I had my
Debian account early in July, and it was a very
tough schedule for me with all the work I had to
do, and with the freeze happening without prior
announcement!

> > I think you don't understand at all what's happening. Absolutely *all*
> > of the release-critical bugs have been dealt with, in both SID and in
> > old-stable. Bugs are still open because the old-stable packages
> > haven't yet reached the security mirrors.
> 
> http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=dtc;dist=unstable lists
> 8 bugs at RC severity that are not fixed in unstable.

NO!!! Look better. The bugs are still open, but
they are marked as fixed in 0.34.1! The bugs are
still open because not yet fixed in old-stable
(but I did upload already).

> Are you unaware that these bugs are still affecting the package in
> unstable?

I quite know they are fixed, since I'm the one who
fixed them.

> It is an opinion that I share.   This software serves a security-sensitive
> function, and the set of security issues that have been encountered to
> date are a clear indication that you are not well versed in the
> necessary secure programming practices.   The probability of further
> significant security issues being found if someone were to audit the
> code approaches 1.

That's a much better wording than what you wrote
before which was simply wrong. :)

> When dtc migrates back to Debian testing, I'm more than happy to revisit
> this removal.

Ok.

Thomas

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/849544

Title:
  remove dtc from oneiric and blacklist: multiple security and policy
  bugs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dtc/+bug/849544/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
