Re: How to find out why a package was removed from testing?

2005-04-05 Thread Steve Langasek
On Sat, Apr 02, 2005 at 06:08:52AM +0200, Adrian Bunk wrote:
> On Fri, Apr 01, 2005 at 06:56:45PM -0800, Steve Langasek wrote:
> > On Fri, Apr 01, 2005 at 07:59:01PM +0200, Frank Küster wrote:
> > > Jeroen van Wolffelaar <[EMAIL PROTECTED]> wrote:

> > > > On Fri, Apr 01, 2005 at 07:28:35PM +0200, Frank Küster wrote:

> > > > Right, but open for 47 days already. If for this amount of days an RC
> > > > bug is open and nobody seems to have cared enough to fix it or even
> > > > provide a patch, I think it's justified hinting it out of sarge.

> > > You are probably right.  However, removing a package should not be done
> > > without

> > > - adding a note about this to the release notes (Is there a package or
> > >   pseudo-package for the release notes now? I don't think so).

> > There is an upgrade-reports package, but not a release-notes package.
> > Perhaps upgrade-reports is good enough for the moment, since removed
> > packages are upgrade issues?

> > Anyway, packages are removed from testing or unstable+testing all the time
> > when they're not releasable, without necessarily looking at whether they
> > were present in stable; and many of these may get back into testing before
> > release; so it's not really practical to track removals until we get close
> > to freeze (like, hmm, now).
> >...

> This still catches only part of the problem.

> I wouldn't assume that the majority of Debian users completely reads the 
> release notes.

Then we should first tell them about how to use aptitude (or other tools) to
track and manage obsoleted packages on their system, and only second list
the individual packages that are removed so that we don't tax their
attention span.

AIUI, the release notes are defined as "things you need to know about this
new release."  I don't think we should be encouraging a culture where users
ignore such things and blame us afterwards; and I don't think we should
sacrifice the release schedule for transition packages for buggy and removed
software just to protect users from things they shouldn't do.  IOW: this is
important, but not RC.

> Consider someone discovers a remotely exploitable hole in wwwoffle
> 13 months after the release of sarge.

> According to the Debian Popularity Contest, 1.5% of the Debian users run 
> wwwoffle.

> Consider one third of them completely read the release notes and removed 
> wwwoffle. Then one percent of all computers running Debian 3.1 will be 
> vulnerable - and there will be no DSA warning them.

> You can argue "it was documented" - but the number of vulnerable
> Debian 3.1 machines will still make the script kiddies very happy.

> And wwwoffle is only one of many removed packages.

How many transition packages can I put you down for, and when can we expect
them to be delivered?

> > The release team doesn't remove packages from testing for reasons that don't
> > go through the BTS, and these are generally documented in
> > http://ftp-master.debian.org/testing/hints/ as noted.

> That's wrong.

> The release team does remove packages for getting library transitions 
> into testing. If a package affected by the transition depends on a third 
> package that is not yet ready for testing, it might be hinted for 
> removal by the release team without any mentioning in the BTS.

True, those removals don't get mentioned in the BTS; but they are either a)
transient, with the release team taking responsibility for getting the new
version of the package back into testing, or b) discussed with the
maintainer.

-- 
Steve Langasek
postmodern programmer




Re: How to find out why a package was removed from testing?

2005-04-03 Thread Darren Salt
I demand that Andreas Barth may or may not have written...

[snip]
> perhaps replacing maintainers with bugs is a good idea).

I'm not so sure. What do the bugs know about package maintenance? ;-)

-- 
| Darren Salt   | linux (or ds) at | nr. Ashington,
| sarge,| youmustbejoking  | Northumberland
| RISC OS   | demon co uk  | Toon Army
|   http://www.youmustbejoking.demon.co.uk/> (PGP 2.6, GPG keys)

Ernest BORGnine... you be the judge...


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: How to find out why a package was removed from testing?

2005-04-03 Thread Darren Salt
I demand that Martin Michlmayr may or may not have written...

> * Frank Küster <[EMAIL PROTECTED]> [2005-04-01 19:28]:
>> - its open bugs (one RC, but worked on)

> http://ftp-master.debian.org/testing/hints/vorlon contains

> # bug #295060
> remove wwwoffle/2.8e-1

> So, yes, because of an RC bug.

gxine's RC bug (289412/295344) was fixed in 0.4.2; the current release is
0.4.3, which I released a week ago. The bug is marked "fixed-upstream".

I'm currently awaiting a response from the package maintainer wrt getting it
back into sarge (I hear via xine-devel that he's busy). I'll prepare an NMU
if somebody will sponsor it, preferably uploading it to some suitable DELAYED
queue.

-- 
| Darren Salt   | nr. Ashington, | linux (or ds) at
| woody, sarge, | Northumberland | youmustbejoking
| RISC OS   | Toon Army  | demon co uk
|   We've got Shearer, you haven't

A man who turns green has eschewed protein.





Re: How to find out why a package was removed from testing?

2005-04-03 Thread Anthony Towns
Frank Küster wrote:
> Well, the point is that I thought about doing an NMU.  However, I don't
> feel like digging into the problem if the package was removed for an
> unrelated reason which I cannot change (like dead upstream, better
> replacement available).

Err, those are reasons to remove the package from /unstable/, not from 
testing. Packages get removed from testing when they have RC bugs, and 
that's pretty much it. I don't believe any package has ever been removed 
from testing because there's a "better replacement" or "dead upstream" 
without it either also having some RC bugs, or having already been 
removed from unstable...

Cheers,
aj


Re: How to find out why a package was removed from testing?

2005-04-01 Thread Adrian Bunk
On Fri, Apr 01, 2005 at 06:56:45PM -0800, Steve Langasek wrote:
> On Fri, Apr 01, 2005 at 07:59:01PM +0200, Frank Küster wrote:
> > Jeroen van Wolffelaar <[EMAIL PROTECTED]> wrote:
> 
> > > On Fri, Apr 01, 2005 at 07:28:35PM +0200, Frank Küster wrote:
> 
> > > Right, but open for 47 days already. If for this amount of days an RC
> > > bug is open and nobody seems to have cared enough to fix it or even
> > > provide a patch, I think it's justified hinting it out of sarge.
> 
> > You are probably right.  However, removing a package should not be done
> > without
> 
> > - adding a note about this to the release notes (Is there a package or
> >   pseudo-package for the release notes now? I don't think so).
> 
> There is an upgrade-reports package, but not a release-notes package.
> Perhaps upgrade-reports is good enough for the moment, since removed
> packages are upgrade issues?
> 
> Anyway, packages are removed from testing or unstable+testing all the time
> when they're not releasable, without necessarily looking at whether they
> were present in stable; and many of these may get back into testing before
> release; so it's not really practical to track removals until we get close
> to freeze (like, hmm, now).
>...


This still catches only part of the problem.

I wouldn't assume that the majority of Debian users completely reads the 
release notes.


Consider someone discovers a remotely exploitable hole in wwwoffle
13 months after the release of sarge.

According to the Debian Popularity Contest, 1.5% of the Debian users run 
wwwoffle.

Consider one third of them completely read the release notes and removed 
wwwoffle. Then one percent of all computers running Debian 3.1 will be 
vulnerable - and there will be no DSA warning them.

You can argue "it was documented" - but the number of vulnerable
Debian 3.1 machines will still make the script kiddies very happy.

And wwwoffle is only one of many removed packages.


> The release team doesn't remove packages from testing for reasons that don't
> go through the BTS, and these are generally documented in
> http://ftp-master.debian.org/testing/hints/ as noted.


That's wrong.


The release team does remove packages for getting library transitions 
into testing. If a package affected by the transition depends on a third 
package that is not yet ready for testing, it might be hinted for 
removal by the release team without any mentioning in the BTS.

Consider e.g. the loop-aes-utils package would require libopenh323 [1].

You yourself would hint it for removal from testing today and it 
wouldn't have any chance of entering testing again for sarge [2] 
although it's completely bug-free.


Or a package might simply be removed because it depends directly or 
indirectly on a buggy package without being itself buggy.


> Steve Langasek


cu
Adrian

[1] that's only a fictive example, but I'm too lame digging through
650kB update_excuses for finding some real examples
[2] due to its versioned util-linux dependency

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed





Re: How to find out why a package was removed from testing?

2005-04-01 Thread Steve Langasek
On Fri, Apr 01, 2005 at 07:59:01PM +0200, Frank Küster wrote:
> Jeroen van Wolffelaar <[EMAIL PROTECTED]> wrote:

> > On Fri, Apr 01, 2005 at 07:28:35PM +0200, Frank Küster wrote:

> > Right, but open for 47 days already. If for this amount of days an RC
> > bug is open and nobody seems to have cared enough to fix it or even
> > provide a patch, I think it's justified hinting it out of sarge.

> You are probably right.  However, removing a package should not be done
> without

> - adding a note about this to the release notes (Is there a package or
>   pseudo-package for the release notes now? I don't think so).

There is an upgrade-reports package, but not a release-notes package.
Perhaps upgrade-reports is good enough for the moment, since removed
packages are upgrade issues?

Anyway, packages are removed from testing or unstable+testing all the time
when they're not releasable, without necessarily looking at whether they
were present in stable; and many of these may get back into testing before
release; so it's not really practical to track removals until we get close
to freeze (like, hmm, now).

> - Inform the maintainers of alternatives.

Hmm, that assumes there generally are alternatives, or that the release team
knows about them, neither of which is a given.  If a niche package has RC
bugs that aren't being resolved, we can't ship it, even if there's no known
alternative.

>  Since polipo claims to be "in
>   the spirit of wwwoffle", it might even be possible to provide an
>   upgrade path. 

I'd be happy for any upgrade paths that maintainers choose to provide, but I
just don't see this happening for the majority of packages -- we have enough
trouble making sure all packages we ship are upgradable from woody, without
swapping out the complete codebase, and I think this is a case of having to
choose our battles.

On Fri, Apr 01, 2005 at 10:24:56PM +0200, Frank Küster wrote:
> Bastian Blank <[EMAIL PROTECTED]> wrote:

> > No, maintainers have to know about their bugs. And RC bugs with this
> > amount of time need some reaction.

> Well, the point is that I thought about doing an NMU.  However, I don't
> feel like digging into the problem if the package was removed for an
> unrelated reason which I cannot change (like dead upstream, better
> replacement available).  This is why I think it would be good to send a
> note to the bug log.

The release team doesn't remove packages from testing for reasons that don't
go through the BTS, and these are generally documented in
http://ftp-master.debian.org/testing/hints/ as noted.

-- 
Steve Langasek
postmodern programmer




Re: How to find out why a package was removed from testing?

2005-04-01 Thread Andreas Barth
* Frank Küster ([EMAIL PROTECTED]) [050401 19:55]:
> Martin Michlmayr <[EMAIL PROTECTED]> wrote:
> > * Frank Küster <[EMAIL PROTECTED]> [2005-04-01 19:28]:
> >> - its open bugs (one RC, but worked on)
> >
> > http://ftp-master.debian.org/testing/hints/vorlon contains
> >
> > # bug #295060
> > remove wwwoffle/2.8e-1
> >
> > So, yes, because of an RC bug.

> Is it not usual practice to send a note about this to the bug?  I think
> this would be a good idea, both for documentation purposes, and to wake
> up lazy maintainers.

Actually, this was discussed in Vancouver, and has been agreed on - but
well, implementation of other issues had preference (the plan is to both
send a daily summary to debian-testing-changes and to mail the
individual maintainers; perhaps replacing maintainers with bugs is a
good idea).


Cheers,
Andi
-- 
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C





Re: How to find out why a package was removed from testing?

2005-04-01 Thread Andreas Barth
* Jeroen van Wolffelaar ([EMAIL PROTECTED]) [050401 19:35]:
> On Fri, Apr 01, 2005 at 07:28:35PM +0200, Frank Küster wrote:
> > how can I find out why a package was removed from testing?  I tried to
> > find this out for wwwoffle, and looked at

> This type of information is unfortunately not readily available, you can
> find it in some ftp-master logfiles (/org/ftp.debian.org on merkel)
> certainly, but that's not easy.

the real information as written (and used) by the release team is in the
hint files, http://ftp-master.debian.org/testing/hints/ =
merkel:/org/ftp.debian.org/testing/hints/


Cheers,
Andi
-- 
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C





Re: How to find out why a package was removed from testing?

2005-04-01 Thread Frank Küster
Bastian Blank <[EMAIL PROTECTED]> wrote:

> On Fri, Apr 01, 2005 at 08:00:19PM +0200, Frank Küster wrote:
>> Is it not usual practice to send a note about this to the bug?  I think
>> this would be a good idea, both for documentation purposes, and to wake
>> up lazy maintainers.
>
> No, maintainers have to know about their bugs. And RC bugs with this
> amount of time need some reaction.

Well, the point is that I thought about doing an NMU.  However, I don't
feel like digging into the problem if the package was removed for an
unrelated reason which I cannot change (like dead upstream, better
replacement available).  This is why I think it would be good to send a
note to the bug log.

Regards, Frank
-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer



Re: How to find out why a package was removed from testing?

2005-04-01 Thread Bastian Blank
On Fri, Apr 01, 2005 at 08:00:19PM +0200, Frank Küster wrote:
> Is it not usual practice to send a note about this to the bug?  I think
> this would be a good idea, both for documentation purposes, and to wake
> up lazy maintainers.

No, maintainers have to know about their bugs. And RC bugs with this
amount of time need some reaction.

Bastian

-- 
Pain is a thing of the mind.  The mind can be controlled.
-- Spock, "Operation -- Annihilate!" stardate 3287.2




Re: How to find out why a package was removed from testing?

2005-04-01 Thread Frank Küster
Martin Michlmayr <[EMAIL PROTECTED]> wrote:

> * Frank Küster <[EMAIL PROTECTED]> [2005-04-01 19:28]:
>> - its open bugs (one RC, but worked on)
>
> http://ftp-master.debian.org/testing/hints/vorlon contains
>
> # bug #295060
> remove wwwoffle/2.8e-1
>
> So, yes, because of an RC bug.

Is it not usual practice to send a note about this to the bug?  I think
this would be a good idea, both for documentation purposes, and to wake
up lazy maintainers.

Regards, Frank
-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer



Re: How to find out why a package was removed from testing?

2005-04-01 Thread Frank Küster
Jeroen van Wolffelaar <[EMAIL PROTECTED]> wrote:

> On Fri, Apr 01, 2005 at 07:28:35PM +0200, Frank Küster wrote:
>
>> - its open bugs (one RC, but worked on)
>
> Right, but open for 47 days already. If for this amount of days an RC
> bug is open and nobody seems to have cared enough to fix it or even
> provide a patch, I think it's justified hinting it out of sarge.

You are probably right.  However, removing a package should not be done
without

- adding a note about this to the release notes (Is there a package or
  pseudo-package for the release notes now? I don't think so).

- Inform the maintainers of alternatives.  Since polipo claims to be "in
  the spirit of wwwoffle", it might even be possible to provide an
  upgrade path. 

Regards, Frank
-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer



Re: How to find out why a package was removed from testing?

2005-04-01 Thread Martin Michlmayr
* Frank Küster <[EMAIL PROTECTED]> [2005-04-01 19:28]:
> - its open bugs (one RC, but worked on)

http://ftp-master.debian.org/testing/hints/vorlon contains

# bug #295060
remove wwwoffle/2.8e-1

So, yes, because of an RC bug.
-- 
Martin Michlmayr
http://www.cyrius.com/
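
The hint-file entry quoted above pairs a comment naming the bug with a `remove` line. As an added example (not part of the original thread and not a Debian tool), the Python below parses text in that shape, reports why a package was hinted out, and lists removals whose comment names no bug, the case raised elsewhere in the thread. It assumes that comment lines directly above a hint explain it and that a blank line ends a comment block; every sample entry except wwwoffle is constructed.

```python
import re
from typing import NamedTuple

# Constructed sample. Only the wwwoffle entry comes from the thread; the other
# package names and versions are placeholders.
SAMPLE_HINTS = """\
# bug #295060
remove wwwoffle/2.8e-1

remove examplepkg/1.0-1

# constructed: transition cleanup, no bug filed
remove otherpkg/0.3-2
"""

BUG_RE = re.compile(r"#(\d+)")

class Removal(NamedTuple):
    package: str
    version: str
    bugs: tuple   # bug numbers named in the comment block above the hint
    comment: str  # that comment block, with the leading '#' stripped

def parse_removals(text):
    """Return every 'remove pkg/version' hint with the comment block above it."""
    removals, block = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            block = []                     # blank line ends a comment block
        elif line.startswith("#"):
            block.append(line)
        else:
            fields = line.split()
            if fields[0] == "remove":
                bugs = tuple(int(n) for n in BUG_RE.findall(" ".join(block)))
                note = " ".join(c[1:].strip() for c in block)
                for target in fields[1:]:
                    pkg, _, ver = target.partition("/")
                    removals.append(Removal(pkg, ver, bugs, note))
            block = []                     # any hint consumes the comment above it
    return removals

def why_removed(text, package):
    """Removal records for one package (empty list if it was never hinted out)."""
    return [r for r in parse_removals(text) if r.package == package]

def without_bug_reference(text):
    """Packages removed by a hint whose comment names no bug number."""
    return [r.package for r in parse_removals(text) if not r.bugs]

if __name__ == "__main__":
    for r in parse_removals(SAMPLE_HINTS):
        print(r.package, r.version, r.bugs or "no bug referenced", "|", r.comment)
```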





Re: How to find out why a package was removed from testing?

2005-04-01 Thread Jeroen van Wolffelaar
On Fri, Apr 01, 2005 at 07:28:35PM +0200, Frank Küster wrote:
> Hi,
> 
> how can I find out why a package was removed from testing?  I tried to
> find this out for wwwoffle, and looked at

This type of information is unfortunately not readily available, you can
find it in some ftp-master logfiles (/org/ftp.debian.org on merkel)
certainly, but that's not easy.

The plan is to use the newly created debian-testing-changes mailing list
for notifications of this kind, but it simply hasn't happened yet.
 

Finding out why a package is not (re-)entering testing though, is easy:

> - its open bugs (one RC, but worked on)

Right, but open for 47 days already. If for this amount of days an RC
bug is open and nobody seems to have cared enough to fix it or even
provide a patch, I think it's justified hinting it out of sarge.

If it's fixed, wwwoffle might re-enter testing (if the fixed version
is ready in time), if not, well, it'll stay out.

--Jeroen

-- 
Jeroen van Wolffelaar
[EMAIL PROTECTED] (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl





How to find out why a package was removed from testing?

2005-04-01 Thread Frank Küster
Hi,

how can I find out why a package was removed from testing?  I tried to
find this out for wwwoffle, and looked at

- its resolved bugs (no indication) 

- its open bugs (one RC, but worked on)

- ftp.debian.org's bugs: nothing

- Search on debian-release: nothing. 

Where else can I look?

TIA, Frank

P.S. if somebody can point me to an alternative for wwwoffle, that would
be nice.  Is polipo good?  If yes, does it provide an upgrade path from
woody? 

-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer