Control: tags -1 +confirmed -patch +jessie Control: severity -1 normal On Sun, 2016-09-04 at 07:32 +0100, Christopher Hoskin wrote: > Package: release.debian.org > Severity: critical
*No*. The bug you're fixing may be critical, the request to fix it in stable is at most normal. > Tags: patch > User: release.debian....@packages.debian.org > Usertags: pu > > The attached patch fixes bug #817231 in the rabbitvcs package. This is > classified as a critical bug on the grounds that it can cause serious > data loss (e.g. loss of entire home folder). There are several reports > of this actually happening to users of the software on Debian and > other systems: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817231 > https://github.com/rabbitvcs/rabbitvcs/issues/127 > http://askubuntu.com/questions/473433/rabbitsvn-deleted-all-my-folders > https://github.com/rabbitvcs/rabbitvcs/issues/70 > > Bug #817231 has now been closed in unstable. Given the nature of the > bug, I thought perhaps it should also be fixed in jessie-updates? Given the fact that the package has no reverse-dependencies and before your NMU in unstable had not been updated for two years, I wonder whether removal might have been a better option. > The attached patch acheives this. (I understand that the distribution > needs to be set to jessie in debian/changelog, rather than {jessie| > stable}-updates[0].) One can't upload to stable-updates, indeed, rather by definition. (It's an SRM-selected subset of packages in proposed-updates, not a standalone target.) I assume your rationale for suggesting a release via stable-updates, rather than simply waiting for the next point release (which will be in just under two weeks time) is the potential for data loss. Whilst this is indeed unfortunate, I think we've only previously used -updates for fixing RC bugs when they were regressions caused by other packages published via -updates or in a point release. +rabbitvcs (0.16-1.1) jessie; urgency=medium That version number is wrong, for multiple reasons - most importantly, that it's already been used for your NMU to unstable. Please use either 0.16-1+deb8u1 or 0.16-1.1~deb8u1, depending on whether the patch in the jessie upload is applied to a fresh copy of 0.16-1 or the unstable package is "backported". With that fixed, please feel free to get the package uploaded. Regards, Adam