Bug#919348: marked as done (xfce4-screensaver: Accidental upload to unstable while fixing bug #919151)

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Bug#919348: marked as done (xfce4-screensaver: Accidental upload to unstable while fixing bug #919151)

Debian Bug Tracking System
Your message dated Thu, 11 Jul 2019 11:30:03 +0200
with message-id <[hidden email]>
and subject line Re: Bug#919348: is it still unfit for Bullseye?
has caused the Debian Bug report #919348,
regarding xfce4-screensaver: Accidental upload to unstable while fixing bug #919151
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [hidden email]
immediately.)


--
919348: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919348
Debian Bug Tracking System
Contact [hidden email] with problems

Package: xfce4-screensaver
Version: 0.1.3-1
Severity: important

While fixing #919151, I uploaded this package to unstable when
it was meant to go to experimental.

This package is still beta and security-wise, we don't consider
it quite ready yet to support in a stable release.

So we're filing an RC bug to prevent it from migrating to testing,
this can be closed once buster is frozen.

--
  ⢀⣴⠾⠻⢶⣦⠀  Jonathan Carter (highvoltage) <jcc>
  ⣾⠁⢠⠒⠀⣿⡁  Debian Developer - https://wiki.debian.org/highvoltage
  ⢿⡄⠘⠷⠚⠋   https://debian.org | https://jonathancarter.org
  ⠈⠳⣄⠀⠀⠀⠀  Be Bold. Be brave. Debian has got your back.

On 2019/07/11 10:34, Adam Borowski wrote:
>> So we're filing an RC bug to prevent it from migrating to testing,
>> this can be closed once buster is frozen.
>
> So... is there any reason to not let xfce4-screensaver go to Bullseye?
> Any day that a human being suffers from light-locker is a bad day.

Take it easy bullseye has only been open for a few single days!

> If you're afraid about yet-unknown bugs, more exposure to users early
> in the release cycle would be a good idea.  On the other hand,
> light-locker suffers from a multitude of known problems (see the recent
> debian-devel thread), and you hate the third alternative, xscreensaver
> (jwz's time bomb being indeed a good reason).

As Yves-Alexis points out whenever this topic comes up, screensavers
have a horrible security history. Xfce screensaver is doing a big
clean-up of the code which I believe will long-term help improve its
quality, but while that's happening it does introduce some risk. IMHO it
will be prudent to give it a few months to make any kind of judgement
call on any form of default. Yves-Alexis also feels strongly that only
one of these should be available to decrease support (as in bug/security
fixes etc) load.

> Closing this bug should be enough...?

I actually thought I had done so already yesterday, closing bug...

-Jonathan