[Debian-iot-maintainers] Bug#1062257: Bug#1062257: libcoap3: NMU diff for 64-bit time_t transition

Steve Langasek vorlon at debian.org
Thu Feb 1 08:30:25 GMT 2024


On Thu, Feb 01, 2024 at 07:45:57AM +0100, Carsten Schoenert wrote:
> Hello Steve,

> Am 31.01.24 um 21:59 schrieb Steve Langasek:
> ...
> > Please find the patch for this NMU attached.

> > If you have any concerns about this patch, please reach out ASAP.
>                                              ^^^^^^^^^^^^^^^^^^^^^^
> >  Although
> > this package will be uploaded to experimental immediately, there will be a
> > period of several days before we begin uploads to unstable; so if information
> > becomes available that your package should not be included in the transition,
> > there is time for us to amend the planned uploads.

> I'm a bit puzzled and disappointed.

> libcopap3 isn't a package that is within the QA group nor is it bit rotting.

> What is the rationale behind rising a bug report at 9:51pm my time and
> firing a *direct* NMU upload just 11min later (according to the time stamps
> from the emails)?

There are 1200+ source packages that require NMUing and the Debian archive
is a moving target.  In the past 3 days the list of packages requiring
uploads has been regenerated 3 times with changes each time due to archive
removals, new sonames in unstable, etc.  Churning through the list of 1200
packages is at this rate going to take at least a week (after 4 days we've
gotten bugs filed and NMUs to experimental completed for less than 400 of
the 1200 packages).  It is not practical to leave a gap of any significant
length of time between the filing of bugs in patches and the uploads to
experimental.

There will be a pause between the uploads to experimental, and the uploads
to unstable, which gives space for maintainer feedback while we run analysis
against the contents of experimental with regards to usrmerge.

> I as the uploader for libcoap have no chance to do any action on this bug
> report! This behavior I'm not expecting within Debian.
> What are the plans now with forwarding the underlying issue to upstream?
> Upstream is very responsive and I've good contacts to the upstream authors,
> but who is doing this work now?

This is an ABI change resulting from a change to compiler flags.  You will
see the diff includes no changes to upstream source.  There is nothing to
forward.

> I read the wiki page mentioned from the initial email again, also there I
> can't find a written plan that would explain me why the bug reporting
> together with a direct upload did happen. I see no plan there what will
> happen on what time.

> Why no usual muss bug filling did happen so groups and maintainers would
> have some knowledge about these planned changes? BTW: I've no problem with
> the technical thing what is happen, but I need to deal also with other
> things too like a CVE fix for libcopa3.

Since this has only been uploaded to experimental, I would expect this does
not interfere with your CVE handling?

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                   https://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-iot-maintainers/attachments/20240201/fca03f3f/attachment.sig>


More information about the Debian-iot-maintainers mailing list