Bug#413926: Call for vote: wordpress: Should not ship with Etch

2007-03-25 Thread Steve Langasek
On Sat, Mar 17, 2007 at 10:48:59AM -0400, Raul Miller wrote:
> On 3/12/07, Steve Langasek <[EMAIL PROTECTED]> wrote:
> >Hmm -- if it's the RMs' call, I guess that means Andi and I both are
> >required to abstain from any vote on this (Constitution 6.3.2).  Is it still
> >ok for me to call for a vote? :)  (FWIW, as RM the decision I consider to
> >have made is "defer to the judgement of the security team", so I guess the
> >TC does have a choice on who to overrule...)

> I can think of no reason [constitutional or otherwise] why you should not be
> allowed to call for a vote for the rest of the committee to [potentially]
> override you.

So we've been discussing within the release team the decision whether to
treat the security team's request as RC, and we're split on the question;
the decision has been made that the release team will instead refer this
decision to the TC under 6.1.3 of the constitution.

Since that makes this a referred decision rather than an override, a simple
majority should therefore be sufficient to decide in either direction.
Further, it's my understanding that there's no requirement for Andi or me to
abstain.  (Not that I think it's likely to affect the vote outcome, given
that we were split on the question to begin with. ;)

Following is a ballot for the question of bug #413926.  I've drafted two
separate ballot options to allow the TC to vote the full range of
preferences under Condorcet; hopefully, 'further discussion' will rank low
on everyone's ballots anyway. :)  As far as I'm concerned no verbose
resolution is needed here, feel free to consider the one-line description to
be the full text of the resolution.

I'm calling for an immediate vote, in the hopes that this decision can be
made without impact to the etch release timeline.

  In the brackets next to your preferred choice, place a 1. Place a 2 in
  the brackets next to your next choice.  Continue until you reach your last
  choice.  Do not enter a number smaller than 1 or larger than 3.  You may
  skip numbers.  You may rank options equally (as long as all choices X you
  make fall in the range 1 <= X <= 3).

  To vote "no, no matter what" rank "Further discussion" as more
  desirable than the unacceptable choices, or you may rank the "Further
  discussion" choice, and leave choices you consider unacceptable
  blank. Unranked choices are considered equally the least desired
  choices, and ranked below all ranked choices. (Note: if the Further
  Discussion choice is unranked, then it is equal to all other unranked
  choices, if any.)

- - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-
[   ] Choice 1: wordpress should not be included in etch due to bug #413269
[   ] Choice 2: wordpress should be included in etch in spite of bug #413269
[   ] Choice 3: Further discussion
- - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-


Cheers,
-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
[EMAIL PROTECTED]   http://www.debian.org/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Bug#413926: Call for vote: wordpress: Should not ship with Etch

2007-03-25 Thread Anthony Towns
On Sun, Mar 25, 2007 at 07:27:13PM -0700, Steve Langasek wrote:
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-
> [ 2 ] Choice 1: wordpress should not be included in etch due to bug #413269
> [ 1 ] Choice 2: wordpress should be included in etch in spite of bug #413269
> [ 3 ] Choice 3: Further discussion
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-

Rationale: Neil McGovern [0] has indicated it should be supportable,
having already done testing-security support for it, and Kai Hendry as
the non-DD Debian maintainer has indicated both he and upstream [1]
are expecting to continue to support the package. That seems sufficient to
count the package as security supportable for etch to me.

As far as advising versus overruling goes, I think inclusion in etch is
the RMs' decision, and without an opinion from them, we've got a case
of "Developers' jurisdictions overlap" so rather than trying to work
out whether it's fair to overrule the security team or the maintainer
(both of which I'd rather not), I'm just giving my opinion on what's
the best course of action.

Cheers,
aj

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413926;msg=99
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413926;msg=44




Bug#413926: Call for vote: wordpress: Should not ship with Etch

2007-03-25 Thread Steve Langasek
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-
> [ 1 ] Choice 1: wordpress should not be included in etch due to bug #413269
> [ 2 ] Choice 2: wordpress should be included in etch in spite of bug #413269
> [ 3 ] Choice 3: Further discussion
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-

Rationale: the security team are domain experts when it comes to questions
of code quality vis-à-vis security; even with a guarantee that developer
time will be available for preparation of DSAs, it is reasonable to exclude
packages based on estimates of the number of security fixes a package will
require over the course of a stable release cycle.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
[EMAIL PROTECTED]   http://www.debian.org/




Bug#413926: Call for vote: wordpress: Should not ship with Etch

2007-03-26 Thread Ian Jackson

Steve Langasek writes ("Bug#413926: Call for vote: wordpress: Should not ship 
with Etch"):
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-
> [ 1 ] Choice 1: wordpress should not be included in etch due to bug #413269
> [ 2 ] Choice 2: wordpress should be included in etch in spite of bug #413269
> [ 3 ] Choice 3: Further discussion
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-

I have found this a difficult decision but I don't think waiting any
longer is going to help.  I'm marginally leaning towards not allowing
it, so that's how I'm voting.

Ian.





Bug#413926: Call for vote: wordpress: Should not ship with Etch

2007-03-26 Thread Bdale Garbee
[EMAIL PROTECTED] (Steve Langasek) writes:

> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-
> [ 2 ] Choice 1: wordpress should not be included in etch due to bug #413269
> [ 1 ] Choice 2: wordpress should be included in etch in spite of bug #413269
> [ 3 ] Choice 3: Further discussion
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-

I am unconvinced that wordpress is more likely to have future security issues,
or that they would be harder to resolve, than many other packages in etch.

Bdale





Bug#413926: Call for vote: wordpress: Should not ship with Etch

2007-03-26 Thread 焕顺李

wordpress should not be included in etch due to bug #413269

2007/3/27, Bdale Garbee <[EMAIL PROTECTED]>:

[EMAIL PROTECTED] (Steve Langasek) writes:

> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-
> [ 2 ] Choice 1: wordpress should not be included in etch due to bug #413269
> [ 1 ] Choice 2: wordpress should be included in etch in spite of bug #413269
> [ 3 ] Choice 3: Further discussion
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-

I am unconvinced that wordpress is more likely to have future security issues,
or that they would be harder to resolve, than many other packages in etch.

Bdale





Re: Bug#413926: Call for vote: wordpress: Should not ship with Etch

2007-03-26 Thread Andreas Barth
* Steve Langasek ([EMAIL PROTECTED]) [070326 04:33]:
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-
> [ 2 ] Choice 1: wordpress should not be included in etch due to bug #413269
> [ 1 ] Choice 2: wordpress should be included in etch in spite of bug #413269
> [ 3 ] Choice 3: Further discussion
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-

Rationale: See Anthony basically. :)

Cheers,
Andi
-- 
  http://home.arcor.de/andreas-barth/




Re: Bug#413926: Call for vote: wordpress: Should not ship with Etch

2007-03-26 Thread Manoj Srivastava
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-
> [ 2 ] Choice 1: wordpress should not be included in etch due to bug #413269
> [ 1 ] Choice 2: wordpress should be included in etch in spite of bug #413269
> [ 3 ] Choice 3: Further discussion
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-

At this point, I have to decide between the prognostications
 of a security team member, versus the opinions of the debian
 maintainer and upstream's commitment to support.  I tend to also
 consider the maintainers to be domain experts as far as their package
 is concerned, which counters the security team being domain experts
 in security issues and solutions.

Additionally, lacking specifics, I would tend to let decisions
 of non-bugginess to the point of being unsupportable to lie with the
 maintainers, since they would have to support the package, so I am
 voting the way I did.

manoj
-- 
It's better to burn out than it is to rust.
Manoj Srivastava <[EMAIL PROTECTED]> 
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

