Am 04.02.23 um 23:25 schrieb Chandler Sobel-Sorenson:
Frankly, I'm glad it was increased to serious because otherwise
listbugs wouldn't have let me stop it, then I have to spend more time
figuring out why I suddenly can't retrieve my e-mail and tracking
down a solution, downgrading packages, etc. There is only so much
time in the day and so much coffee I can drink. ;-) We use O365 at
the University and I have enough issues maintaining our Linux systems
there. ;-) Last thing I need is problems with workstation to get in
the way of my work.
If you need your laptop or your workstation for mission critical things
than Debian unstable/sid isn't the right choice. If you do so then you
will need some knowledge to handle situations like happen now.
> Quoting https://www.debian.org/Bugs/Developer.en.html
> important
> a bug which has a major effect on the usability of a package, without
rendering it completely unusable to everyone
> And that's what this issue is about, most of the users can use
> Thunderbird without problems.
Do you have statistics for that? What is "most"?
The majority of users. :-)
And these are obviously not users of Microsoft Cloud products. We haven
got reports from GMail user e.g.
Debian doesn't have any really resilient statistics as such statistics
bases on completely free choice. Debian doesn't collect data from users
without any confirmation.
I'm pretty sure many Universities and other large organizations
across the world are using Office however, if it's anything like our
University, "most" of those users are using Windows version of
Outlook or Outlook Online. Still, I could not be sure what "most"
Thunderbird users are using.
Sure the world is mostly owned by Microsoft Desktop systems, and using
Exchange or now Outlook 365 is also decreasing the the free choice of a
client to interact with the server instance.
Most users of Thunderbird are not using M$ products or at least only
using a small set of features of Exchange or Outlook.com.
Further, the actual bug in mozilla is #1814536 (OAuth2 authentication
| 102.7.1. | Linux - fails) - still Open. This is an even broader
than just o365 as Google uses OAuth2 as well, etc. That bug was
reported here in Debian as grave under #1030112 but you closed it as
a duplicate of this bug. That was perhaps mistaken.
No, it was not.
Having dozen of issues open that are about the same problem is really
not helpful to handle the issue.
> serious
> is a severe violation of Debian policy (roughly, it violates a "must" or
"required" directive),
> or, in the package maintainer's or release manager's opinion, makes the
package unsuitable for release.
I don't have the time to currently review the 609 instances of "must"
or "required" in the policy, but I believe this makes the package
unsuitable for release.
I don't really understand your problem.
What is the problem here?
What does it help if we increase the severity even more? Even right now
the the broken package will not migrate to testing. But it will also
trigger a remove of the version in testing. What do we win?
> grave
> makes the package in question unusable or mostly so, or causes data
loss,
> or introduces a security hole allowing access to the accounts of users who
use the package.
I think #1030112 should be reopened and/or merged with this bug, with
the title being updated to reflect broader issue with OAuth2. As the
bug is much broader than is implied here, severity should be
maintained at a minimum of serious.
And what we get from doing so?
The closed issue has added information that further talking is happen here.
Since many these days are using
Gmail as their only e-mail then could even be argued that thunderbird
is now unusable or mostly so, therefore severity of grave is not out
of the question either.
My GMail account is working with the current version in testing means to
me that Google doesn't has changed something on their side. Obviously
only MS has changed something.
So finally again as written in other answers:
If you need to use Thunderbird in a critical environment you shouldn't
use unstable/sid as long you don't know how to handle the potential
breakage of packages.
Debian is providing a stable release for productive use, if you need
newer version of software you can add the backport suite. Or if you are
more experienced switch to testing.
--
Regards
Carsten
