Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-15 Thread Goswin von Brederlow
Jakub Wilk jw...@debian.org writes:

 * Goswin von Brederlow goswin-...@web.de, 2010-09-11, 19:46:
 Because you are a reportbug novice. Novices are not allowed to play
 with severity of bugs. :)

 I consider this a horrible misfeature of reportbug. Yes, we need RC
 bugs from novices, too.

 -- 
 Jakub Wilk

I like the middle ground where you have to justify the severity. Makes
people think twice.

MfG
Goswin


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87aanjic0n@frosties.localdomain



Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-14 Thread Jakub Wilk

* Goswin von Brederlow goswin-...@web.de, 2010-09-11, 19:46:
 Because you are a reportbug novice. Novices are not allowed to play
 with severity of bugs. :)


I consider this a horrible misfeature of reportbug. Yes, we need RC bugs 
from novices, too.


--
Jakub Wilk




Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-13 Thread Karsten Hilbert
On Sat, Sep 11, 2010 at 07:46:34PM +0200, Goswin von Brederlow wrote:

  but reportbug did not let me specify either of RC / critical
  / grave / serious / security ...

 Because you are a reportbug novice.

Or at least reportbug thinks so =:-

But thanks anyway ;-)

Karsten
-- 
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346





Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-11 Thread Goswin von Brederlow
Karsten Hilbert karsten.hilb...@gmx.net writes:

 On Thu, Sep 09, 2010 at 12:38:05PM +0200, Michael Tautschnig wrote:

 Here comes the bug: GNUmed will, given appropriate
 circumstances, OVERWRITE the first allergy against Sugar.

 ...

  You die in hospital because of a second anaphylactic
  reaction to Sugar.

 [...]
 
 Although I do see the point of harms people missing in the description of
 severities, *all* RC-level severities already seem to apply, given the above
 description (quoting [1]):
 
 - critical: ... or causes serious data loss, ... (although internal to GNUmed,
   it does cause loss of a patient's data)
 - grave: makes the package in question unusable or mostly so, ... (given the
   above description, it shall better not be used by any medic)
 - serious: ... or, in the package maintainer's or release manager's opinion, makes
   the package unsuitable for release. (the easiest one: paste Karsten's
   description into a bug report and you're done)

 Filed a bug:

   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596219

 but reportbug did not let me specify either of RC / critical
 / grave / serious / security ...

 Karsten

Because you are a reportbug novice. Novices are not allowed to play with
severity of bugs. :)

You can reconfigure reportbug (reportbug --configure) and tell it you
are now more experienced with reporting bugs and Debian so it enables
some of the more advanced options. Or, for a one time thing, reportbug
--mode=standard, advanced or expert.

MfG
Goswin





Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-10 Thread Thibaut Paumard
Hi,

Le 09/09/10 21:40, Andreas Tille a écrit :
 On Thu, Sep 09, 2010 at 04:11:50PM +0200, Thibaut Paumard wrote:
 And please, make all possible effort to warn your users about the
 potential risk of using or having used the buggy version. And even if
 it's only "I'm not sure, but it may well be serious enough to KILL
 PEOPLE", bloody hell, why are you even asking?
 
 Well, did you ever hear about "Don't panic"?  I was taking a bit of
 time which is probably less than our mirror pushes for an issue which
 is really unlikely to happen in practice.
 

My point was more that it's not necessary to get into the technicalities
to decide the matter. Even if it did not fit the policy description for
grave, it could still be grave, no need to go nitpicking about it.

 As I said we here dive into a field where we as computer experts are not
 able to evaluate the problem on our own any more. While I perfectly
 trust upstream and this issue is clear I would like to raise the issue
 in general.  For instance what should we do if a similar life
 endangering bug is reported by a random user and another user claims
 that this is not the case.  What exactly should our criteria be to
 issue a DSA?  Only fixes released by upstream?

I think security is the way to go rather than volatile. Here again,
even though clear DSA guidelines are a good idea, common sense dictates
that life-endangering issues *are* security issues, whether or not they
are explicitly typed out in those guidelines... Do you have a clear
reasoning why volatile would be better than security?

 Finally who is really responsible for the computer in the medical
 practice?  The only reasonable way is that an IT company with medical
 experts just provides the service for installation and updates for
 practice management systems in production.  In a critical case I'd
 expect the service company to inform their clients about the problem by
 phone and not that the doctor learns about the issue by an apt-get
 update.

That's what I meant by "warn your users" and by "you" I really meant
upstream, not you ;-) I sort of hope all their users are subscribed to
a mailing list of some sort...

 So in practical relevant cases there is no reason to panic.
  
 I really wouldn't want to get into an airplane with a known bug which
 could potentially crash the plane though it did not qualify as RC.
 
 I do not even want to sit in an airplane which runs Debian testing (and
 this is what we are talking about, right?).

No, we are talking about stable. RCness is whether or not a known bug is
authorised to enter stable. I, too, have a secret hope that my doctor
runs a stable version of whatever system he chose and that he gets
warned directly and immediately when such a bug is found. But somehow,
I'm not sure this is the case.

Best regards, Thibaut.





Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread Andreas Tille
Hi,

with GNUmed we currently have a case where a bug is not RC regarding the
computer system and would not match our criterion of RC bugs.  However,
the influence of this bug might harm the health of patients of the
doctor who might use this version of GNUmed.

If needed upstream will give some more details but IMHO this problem is
new in Debian and should be discussed in general:  How do we handle bugs
which do not have a critical influence to the system but to people
working with the system?  IMHO we should enhance our definition for what
RC critical means.

What do you think?

Kind regards

 Andreas.

-- 
http://fam-tille.de





Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread gregor herrmann
On Thu, 09 Sep 2010 11:40:49 +0200, Andreas Tille wrote:

 with GNUmed we currently have a case where a bug is not RC regarding the
 computer system and would not match our criterion of RC bugs.  However,
 the influence of this bug might harm the health of patients of the
 doctor who might use this version of GNUmed.

Doesn't that simply count as severity: grave - makes the package in
question unusable or mostly so?
 
 IMHO we should enhance our definition for what
 RC critical means.

IMO grave doesn't only mean segfaults at start etc. but also
produces garbage, shows completely wrong results, doesn't fulfill its
core purpose, 
 
Cheers,
gregor
 
-- 
 .''`.   http://info.comodo.priv.at/ -- GPG key IDs: 0x8649AA06, 0x00F3CFE4
 : :' :  Debian GNU/Linux user, admin,  developer - http://www.debian.org/
 `. `'   Member of VIBE!AT  SPI, fellow of Free Software Foundation Europe
   `-Warp 7 -- It's a law we can live with. 





Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread Karsten Hilbert
On Thu, Sep 09, 2010 at 11:40:49AM +0200, Andreas Tille wrote:

 with GNUmed we currently have a case where a bug is not RC regarding the
 computer system and would not match our criterion of RC bugs.  However,
 the influence of this bug might harm the health of patients of the
 doctor who might use this version of GNUmed.
 
 If needed upstream will give some more details

Hi,

I am (one of) upstream; both developer and Medical Doctor (GP).

The problem Andreas is talking about is this:

Let's assume I am your GP. I prescribe the drug
SugarWater(tm) against ObsessionForPackaging for you. Next
day you must be admitted to hospital by emergency ambulance
because it turns out you had a severe allergic reaction to
Sugar (one component of SugarWater). We call that
anaphylactic reaction [1] and you barely survive. When you
return to my office I duly document your allergy to Sugar.
However, you still need and receive Water for
ObsessionForPackaging which we tried to treat with
SugarWater.

A week later you return and show me a new skin rash
(exanthema). You suspect that you are also allergic to
Water, the second component of SugarWater (remember, you
still take Water pills every day, we only stopped Sugar
because you were allergic to *that*). Now, because of your
bad experience with Sugar and the new reaction to Water, you
fear you will also develop an anaphylactic shock to Water
(this is medically fairly unlikely but the fear is
understandable). So we decide to use an entirely different
drug against ObsessionForPackaging. I also duly note your
additional reaction towards Water in your EMR (which is
GNUmed [2], the package in question).

Here comes the bug: GNUmed will, given appropriate
circumstances, OVERWRITE the first allergy against Sugar.

Three years later, Debian 10 has been released and you
return because of FatigueFromPackaging.

I prescribe Sugar, which usually helps against
FatigueFromPackaging. Your EMR does NOT contain the allergy
entry for Sugar anymore because it was overwritten by the
allergy to Water.

You die in hospital because of a second anaphylactic
reaction to Sugar.

Of course, medico-legally I am responsible.

However, didn't you wish we had discussed and solved this
issue in Debian *today* ?   ;-)


Thanks for listening,

Karsten Hilbert, MD, GP


[1] http://en.wikipedia.org/wiki/Anaphylaxis
[2] http://packages.debian.org/search?keywords=gnumed-client
-- 
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346





Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread Tshepang Lekhonkhobe
On Thu, Sep 9, 2010 at 11:58, gregor herrmann gre...@debian.org wrote:
 On Thu, 09 Sep 2010 11:40:49 +0200, Andreas Tille wrote:

 with GNUmed we currently have a case where a bug is not RC regarding the
 computer system and would not match our criterion of RC bugs.  However,
 the influence of this bug might harm the health of patients of the
 doctor who might use this version of GNUmed.

 Doesn't that simply count as severity: grave - makes the package in
 question unusable or mostly so?

 IMHO we should enhance our definition for what
 RC critical means.

 IMO grave doesn't only mean segfaults at start etc. but also
 produces garbage, shows completely wrong results, doesn't fulfill its
 core purpose, 

...risks patients' lives, ...

Definitely RC, 'grave' severity.


-- 
blog: http://tshepang.tumblr.com





Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread Michael Tautschnig
[...]

 
   Here comes the bug: GNUmed will, given appropriate
   circumstances, OVERWRITE the first allergy against Sugar.
 
 Three years later, Debian 10 has been released and you
 return because of FatigueFromPackaging.
 
 I prescribe Sugar, which usually helps against
 FatigueFromPackaging. Your EMR does NOT contain the allergy
 entry for Sugar anymore because it was overwritten by the
 allergy to Water.
 
 You die in hospital because of a second anaphylactic
 reaction to Sugar.
 
 Of course, medico-legally I am responsible.
 
 However, didn't you wish we had discussed and solved this
 issue in Debian *today* ?   ;-)
 

[...]

Although I do see the point of harms people missing in the description of
severities, *all* RC-level severities already seem to apply, given the above
description (quoting [1]):

- critical: ... or causes serious data loss, ... (although internal to GNUmed,
  it does cause loss of a patient's data)
- grave: makes the package in question unusable or mostly so, ... (given the
  above description, it shall better not be used by any medic)
- serious: ... or, in the package maintainer's or release manager's opinion, makes
  the package unsuitable for release. (the easiest one: paste Karsten's
  description into a bug report and you're done)

Hope this helps,
Michael

[1] http://www.debian.org/Bugs/Developer#severities





Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread Matthew Johnson
On Thu Sep 09 12:03, Karsten Hilbert wrote:
   Here comes the bug: GNUmed will, given appropriate
   circumstances, OVERWRITE the first allergy against Sugar.

Sounds like grave: , or causes data loss, ... to me, which is RC.

I was also going to suggest it could be considered a security vulnerability -
and hence also be suitable for a DSA upload to stable were this discovered
after release.

I also wouldn't object to it being filed as serious under  in the package 
maintainer's ... opinion makes the package unsuitable for release.

In any case it clearly should be fixed.

Matt




Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread Giacomo A. Catenazzi

On 09.09.2010 11:58, gregor herrmann wrote:

 On Thu, 09 Sep 2010 11:40:49 +0200, Andreas Tille wrote:

 with GNUmed we currently have a case where a bug is not RC regarding the
 computer system and would not match our criterion of RC bugs.  However,
 the influence of this bug might harm the health of patients of the
 doctor who might use this version of GNUmed.

 Doesn't that simply count as severity: grave - makes the package in
 question unusable or mostly so?

 IMHO we should enhance our definition for what
 RC critical means.

 IMO grave doesn't only mean segfaults at start etc. but also
 produces garbage, shows completely wrong results, doesn't fulfill its
 core purpose, 


And BTW IMHO it enters into the security-related bugs.

ciao
cate





Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread Karsten Hilbert
On Thu, Sep 09, 2010 at 12:38:05PM +0200, Michael Tautschnig wrote:

  Here comes the bug: GNUmed will, given appropriate
  circumstances, OVERWRITE the first allergy against Sugar.

...

  You die in hospital because of a second anaphylactic
  reaction to Sugar.

 [...]
 
 Although I do see the point of harms people missing in the description of
 severities, *all* RC-level severities already seem to apply, given the above
 description (quoting [1]):
 
 - critical: ... or causes serious data loss, ... (although internal to GNUmed,
   it does cause loss of a patient's data)
 - grave: makes the package in question unusable or mostly so, ... (given the
   above description, it shall better not be used by any medic)
 - serious: ... or, in the package maintainer's or release manager's opinion, makes
   the package unsuitable for release. (the easiest one: paste Karsten's
   description into a bug report and you're done)

Filed a bug:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596219

but reportbug did not let me specify either of RC / critical
/ grave / serious / security ...

Karsten
-- 
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346





Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread Carsten Hey
* Karsten Hilbert [2010-09-09 13:07 +0200]:
 Filed a bug:

   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596219

 but reportbug did not let me specify either of RC / critical
 / grave / serious / security ...

I just set this to serious.  It may take some minutes until the BTS is
updated accordingly.

Regards
Carsten





Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread Ben Finney
Andreas Tille andr...@an3as.eu writes:

 with GNUmed we currently have a case where a bug is not RC regarding
 the computer system and would not match our criterion of RC bugs.

Rather than RC (which is only about whether the severity of the bug is
sufficient to delay the release of Debian), what is the severity of the
bug?

 However, the influence of this bug might harm the health of patients
 of the doctor who might use this version of GNUmed.

Which severity <URL:http://www.debian.org/Bugs/Developer#severities>
best matches the behaviour?

From your description, I'd guess one of “causes serious data loss” (⇒
‘critical’) or “makes the package in question unusable or mostly so” (⇒
‘grave’) would apply. What do you think?

 IMHO we should enhance our definition for what RC critical means.

I think we need to make better use of the severity levels already
available, and leave it to the release managers to decide which ones
will delay the release of Debian.

-- 
 \ “We are not gonna be great; we are not gonna be amazing; we are |
  `\   gonna be *amazingly* amazing!” —Zaphod Beeblebrox, _The |
_o__)Hitch-Hiker's Guide To The Galaxy_, Douglas Adams |
Ben Finney





Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread Tshepang Lekhonkhobe
On Thu, Sep 9, 2010 at 14:34, Ben Finney ben+deb...@benfinney.id.au wrote:
 Andreas Tille andr...@an3as.eu writes:

 with GNUmed we currently have a case where a bug is not RC regarding
 the computer system and would not match our criterion of RC bugs.

 Rather than RC (which is only about whether the severity of the bug is
 sufficient to delay the release of Debian), what is the severity of the
 bug?

AFAIK, this is not the sort of package that would delay Debian's
release. At worst it would just get excluded from the release.


-- 
blog: http://tshepang.tumblr.com





Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread Andreas Tille
On Thu, Sep 09, 2010 at 10:34:09PM +1000, Ben Finney wrote:
 From your description, I'd guess one of “causes serious data loss” (⇒
 ‘critical’)

Strictly speaking I do not really regard  the problem in #596219 as a
data loss - the available data are just not properly handled which can
have a really bad effect.  I understood serious data loss as a random
deletion of data this package or even another package would cause or
things like this.

We as computer experts are probably not in a position to decide whether
some data which are not kept in a database of an application is serious
or not.  Even worse there could be an expert who has a secure proof that
you can not be allergic against water itself but only in combination
with sugar and thus the bugfix is not important any more because the
upstream author just is not aware of this new research (just to
overstress this example - know it does not really fit).  We are in a
position where we are not able to decide whether a problem is serious or
not just by reading the code.

 or “makes the package in question unusable or mostly so” (⇒
 ‘grave’) would apply. What do you think?

In practice the package is definitely usable as long as no patient with
a double allergy asks a doctor who is using GNUmed in production (most
probably less than 100 in the life time of Squeeze) for some medicine
which exactly contains these both drugs.  This is no excuse to not fix
the problem but I would not regard the package as unusable.
 
  IMHO we should enhance our definition for what RC critical means.
 
 I think we need to make better use of the severity levels already
 available, and leave it to the release managers to decide which ones
 will delay the release of Debian.

I agree here but I would like to correct the wording: We do not need to
make better use but we need to define more clearly what cases might
lead to a certain severity level and what not.  IMHO cases like those
above are not properly covered and if I think about the time after the
Squeeze release how to handle problems like this.  What kind of problems
will justify a Debian Security Alert and what not, etc.  Is it correct
to release software which might need an urgent change in Debian stable
or should we rather go to volatile?  

Kind regards

Andreas.

-- 
http://fam-tille.de





Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread Matthew Johnson
On Thu Sep 09 14:42, Tshepang Lekhonkhobe wrote:
  Rather than RC (which is only about whether the severity of the bug is
  sufficient to delay the release of Debian), what is the severity of the
  bug?
 
 AFAIK, this is not the sort of package that would delay Debian's
 release. At worst it would just get excluded from the release.

Indeed, RC is either we exclude the package or we wait until it's fixed to
release, so the comment still applies

Matt




Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread Jon Dowland
serious -- in the package maintainer's or release manager's opinion, makes the
package unsuitable for release.





Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread Thibaut Paumard
Hi guys,

This thread is just surrealistic.

Le 09/09/10 15:17, Andreas Tille a écrit :
 On Thu, Sep 09, 2010 at 10:34:09PM +1000, Ben Finney wrote:
 From your description, I'd guess one of “causes serious data loss” (⇒
 ‘critical’)
 
 Strictly speaking I do not really regard  the problem in #596219 as a
 data loss - the available data are just not properly handled which can
 have a really bad effect.  I understood serious data loss as a random
 deletion of data this package or even another package would cause or
 things like this.

You lose one piece of information, which is data, and this piece of
information is bloody serious (pun intended).

Anyway, I believe some common sense has to be used at some point. Debian
policy is merely a compilation of what is admitted as the best practices
and what we believe packagers should or must abide by. But if you
find a bug that in real life you would say is grave, then don't even
look at what policy says grave means, it's grave, full stop.

You have a bug that could potentially kill people? Fix it, upload ASAP
and contact the security and release teams. And I don't care if it's not
the normal procedure and if it can piss off people, it's not nearly as
important as Doing What You Have To Do (TM). By the way, I don't think
it will piss anybody off.

And please, make all possible effort to warn your users about the
potential risk of using or having used the buggy version. And even if
it's only "I'm not sure, but it may well be serious enough to KILL
PEOPLE", bloody hell, why are you even asking?

I really wouldn't want to get into an airplane with a known bug which
could potentially crash the plane though it did not qualify as RC.

Regards, Thibaut.





Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread Mehdi Dogguy
On 09/09/2010 16:11, Thibaut Paumard wrote:
 
 You have a bug that could potentially kill people? Fix it, upload ASAP
  and contact the security and release teams. And I don't care if it's 
 not the normal procedure and if it can piss off people, it's not 
 nearly as important as Doing What You Have To Do (TM). By the way, I 
 don't think it will piss anybody off.
 

Right. I was wondering why Andreas didn't contact the Release Team to have
our opinion on the subject. IMO, it qualifies as an RC bug and the
diff (0.7.8 → 0.7.9) doesn't look huge. It's even reasonable and acceptable,
once documentation changes are ignored.

So, if you prepare a package and upload it to unstable, I would unblock it
(only if the diff is strictly updating to this new version + any other
change matching the criteria described in [1]).

[1] http://lists.debian.org/debian-devel-announce/2010/09/msg0.html

Regards,

-- 
Mehdi Dogguy مهدي الدڤي
http://dogguy.org/





Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread Andreas Tille
On Thu, Sep 09, 2010 at 04:43:53PM +0200, Mehdi Dogguy wrote:
 Right. I was wondering why Andreas didn't contact the Release Team to have
 our opinion on the subject. IMO, it qualifies as an RC bug and the
 diff (0.7.8 → 0.7.9) doesn't look huge. It's even reasonable and acceptable,
 once documentation changes are ignored.

Because I think we had about 12 hours to discuss the issue in a general
way before somebody really is in danger.  As I said: This issue is *very*
unlikely to happen and there is no reason to overreact.
 
 So, if you prepare a package and upload it to unstable, I would unblock it
 (only if the diff is strictly updating to this new version + any other
 change matching the criteria described in [1]).

It's just uploaded to t-p-u.

Kind regards

 Andreas. 

-- 
http://fam-tille.de





Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread Mehdi Dogguy
On 09/09/2010 08:38 PM, Andreas Tille wrote:
 On Thu, Sep 09, 2010 at 04:43:53PM +0200, Mehdi Dogguy wrote:
 Right. I was wondering why Andreas didn't contact the Release Team 
 to have our opinion on the subject. IMO, it qualifies as an RC bug 
 and the diff (0.7.8 → 0.7.9) doesn't look huge. It's even 
 reasonable and acceptable, once documentation changes are ignored.
 
 Because I think we had about 12 hours to discuss the issue in a 
 general way before somebody really is in danger.  As I said: This 
 issue is *very* unlikely to happen and there is no reason to 
 overreact.
 

It's not about overreacting. It's about deciding on RC severity,
which is the Release Team's job.

 So, if you prepare a package and upload it to unstable, I would 
 unblock it (only if the diff is strictly updating to this new 
 version + any other change matching the criteria described in 
 [1]).
 
 It's just uploaded to t-p-u.
 

and approved.

Kind regards,

-- 
Mehdi Dogguy مهدي الدڤي
http://dogguy.org/





Re: Is a bug RC relevant if it has an influence on the health of a person

2010-09-09 Thread Andreas Tille
On Thu, Sep 09, 2010 at 04:11:50PM +0200, Thibaut Paumard wrote:
 And please, make all possible effort to warn your users about the
 potential risk of using or having used the buggy version. And even if
 it's only "I'm not sure, but it may well be serious enough to KILL
 PEOPLE", bloody hell, why are you even asking?

Well, did you ever hear about "Don't panic"?  I was taking a bit of
time which is probably less than our mirror pushes for an issue which
is really unlikely to happen in practice.

As I said we here dive into a field where we as computer experts are not
able to evaluate the problem on our own any more.  While I perfectly
trust upstream and this issue is clear I would like to raise the issue
in general.  For instance what should we do if a similar life
endangering bug is reported by a random user and another user claims
that this is not the case.  What exactly should our criteria be to
issue a DSA?  Only fixes released by upstream?

Finally who is really responsible for the computer in the medical
practice?  The only reasonable way is that an IT company with medical
experts just provides the service for installation and updates for
practice management systems in production.  In a critical case I'd
expect the service company to inform their clients about the problem by
phone and not that the doctor learns about the issue by an apt-get
update.

So in practical relevant cases there is no reason to panic.
 
 I really wouldn't want to get into an airplane with a known bug which
 could potentially crash the plane though it did not qualify as RC.

I do not even want to sit in an airplane which runs Debian testing (and
this is what we are talking about, right?).  I'm fine that most
responses agree with my opinion that we should release with the fixed
version.  However, the emotional touch the discussion has taken just
ignores that the problem is more complex than simply file and fix an RC
bug.  As I said it is a matter of lacking expertise on our side, it is a
matter of responsibility (supporting company) and finally I also raised
the issue whether packages like this might perhaps be better placed in
volatile which might be more flexible in the case of an urgently needed
upgrade.

Kind regards

 Andreas.

-- 
http://fam-tille.de

