Debian Bug report logs - #568141
Syncing of version numbers after point release should be more explicit

Package: www.debian.org; Maintainer for www.debian.org is Debian WWW Team <debian-www@lists.debian.org>;

Reported by: Helge Kreutzmann <debian@helgefjell.de>

Date: Tue, 2 Feb 2010 18:18:02 UTC

Severity: wishlist

Tags: wontfix

Done: Simon Paillard <spaillard@mraw.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#568141; Package release.debian.org. (Tue, 02 Feb 2010 18:18:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Helge Kreutzmann <debian@helgefjell.de>:
New Bug report received and forwarded. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Tue, 02 Feb 2010 18:18:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Helge Kreutzmann <debian@helgefjell.de>
To: submit@bugs.debian.org
Subject: release.debian.org: Latest point release hard to follow / confusing
Date: Tue, 2 Feb 2010 19:15:01 +0100
[Message part 1 (text/plain, inline)]
Package: release.debian.org
Severity: important

Recently a point release was shipped (being installed as I type). At
the time of releasing (i.e. when apt saw it) no notice was available
on www.debian.org to verify what was upgraded and the version.

Now the News is up (News/2010/20100130.wml) and since it unfortunately
as usual does not mention the new version of each software (which is
done in every DSA) I as usual went to http://packages.debian.org/XXX
for each package XXX to look for the latest version but to my suprise
I saw the following:

Package/Version shipped vs. http://packages.debian.org/

python-xml (0.8.4-10.1+lenny1) vs. 0.8.4-10.1   
wireshark (1.0.2-3+lenny8) vs. 1.0.2-3+lenny7   
xfs (1:1.0.8-2.2+lenny1) vs. 1:1.0.8-2.1        
kazehakase (0.5.4-2.2+lenny1) vs. 0.5.4-2.2     
base-files (5lenny5) vs. 5lenny4                
...

Obviously different from previous updates this page is out of date. I
was almost considering stopping the update when I checked
http://packages.qa.debian.org/XXX instead (how am I to know that this
page is correct???). 

Here for all packages fortunately the latest version was printed, but
again confusingly. For example, for dhcp3 in column stable the latest
version was given but not in the column stable-sec, while for wireshare 
it was reversed, i.e. the latest version was in stable-sec not stable
column.

Upgrading a system is a delicate process. Since there is no DSA I've to
rely on www.debian.org that everything is ok. A very basic check is
the version number. For this update it was *hard* to check it.

My suggestion: First update www.debian.org (*with* version numbers)
and then push the update out to the mirrors. And secondly unify the
versions given in http://packages.debian.org/XXX and
http://packages.qa.debian.org/XXX (and in the latter also where the
latest one is printed).

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.27.10-grsec-cz03
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=UTF-8) (ignored: LC_ALL set to de_DE.UTF-8)
Shell: /bin/sh linked to /bin/bash
-- 
      Dr. Helge Kreutzmann                     debian@helgefjell.de
           Dipl.-Phys.                   http://www.helgefjell.de/debian.php
        64bit GNU powered                     gpg signed mail preferred
           Help keep free software "libre": http://www.ffii.de/
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#568141; Package release.debian.org. (Tue, 02 Feb 2010 19:27:08 GMT) Full text and rfc822 format available.

Message #8 received at 568141@bugs.debian.org (full text, mbox):

From: Philipp Kern <pkern@debian.org>
To: Helge Kreutzmann <debian@helgefjell.de>, 568141@bugs.debian.org
Subject: Re: Bug#568141: release.debian.org: Latest point release hard to follow / confusing
Date: Tue, 2 Feb 2010 20:24:23 +0100
[Message part 1 (text/plain, inline)]
On Tue, Feb 02, 2010 at 07:15:01PM +0100, Helge Kreutzmann wrote:
> Obviously different from previous updates this page is out of date. I
> was almost considering stopping the update when I checked
> http://packages.qa.debian.org/XXX instead (how am I to know that this
> page is correct???). 

What are you checking on upgrade?  If it's for integrity: point releases are
signed with an offline key in addition to the normal archive key.  So you
can check Release based on Release.gpg and there's then a defined trust
path.

The mail to debian-announce[1] might not list the versions but it does list
the changes introduced.  And you should be able to find the concrete
changelogs a) in the package through apt-listchanges and b) on
packages.qa.d.o.

I'm happy to adjust the process, however it's difficult to get all people
involved present and awake for the whole timespan of a point release.

(I.e. we started at about 19 UTC and finshed at 23:30 UTC.  The mirror
push was supposed to happened after the next dinstall at 01:52 UTC.
Due to a glitch the actual sync only happened after the ftp-master was
awake again at 9:30 UTC.  And the press release came in even later, too.
So not everything worked as expected on this one.)

Kind regards,
Philipp Kern

[1] http://lists.debian.org/debian-announce/2010/msg00001.html
-- 
 .''`.  Philipp Kern                        Debian Developer
: :' :  http://philkern.de                         Stable Release Manager
`. `'   xmpp:phil@0x539.de                         Wanna-Build Admin
  `-    finger pkern/key@db.debian.org
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#568141; Package release.debian.org. (Tue, 02 Feb 2010 20:27:15 GMT) Full text and rfc822 format available.

Acknowledgement sent to Helge Kreutzmann <debian@helgefjell.de>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Tue, 02 Feb 2010 20:27:15 GMT) Full text and rfc822 format available.

Message #13 received at 568141@bugs.debian.org (full text, mbox):

From: Helge Kreutzmann <debian@helgefjell.de>
To: Philipp Kern <pkern@debian.org>
Cc: 568141@bugs.debian.org
Subject: Re: Bug#568141: release.debian.org: Latest point release hard to follow / confusing
Date: Tue, 2 Feb 2010 21:04:20 +0100
[Message part 1 (text/plain, inline)]
Hello Philipp,
On Tue, Feb 02, 2010 at 08:24:23PM +0100, Philipp Kern wrote:
> On Tue, Feb 02, 2010 at 07:15:01PM +0100, Helge Kreutzmann wrote:
> > Obviously different from previous updates this page is out of date. I
> > was almost considering stopping the update when I checked
> > http://packages.qa.debian.org/XXX instead (how am I to know that this
> > page is correct???). 
> 
> What are you checking on upgrade?  If it's for integrity: point releases are
> signed with an offline key in addition to the normal archive key.  So you
> can check Release based on Release.gpg and there's then a defined trust
> path.

Essentially it is a second check for integrity (call me paranoid, but
I'd like to match the version apt-listchanges displays me to the one I
obtained via a different path). It's also a delayed QA, once or twice
I caught a typo in a DSA this way.

I'm well aware about the trust path and the risks mitigated/involved
in the signing process and do not question it.

> The mail to debian-announce[1] might not list the versions but it does list
> the changes introduced.  And you should be able to find the concrete
> changelogs a) in the package through apt-listchanges and b) on
> packages.qa.d.o.

Yes, I could compare the changes also, but this is more tedious than
version numbers (e.g. for linux-2.6). 

And up to now the similar sounding site http://packages.debian.org
also showed the latest version, which is not the case now. This time
only packages.qa.d.o show the latest version, and then sometimes in
the category "stable" and sometimes in "stable-sec" (I don't know if
that was the case previously as well).

> I'm happy to adjust the process, however it's difficult to get all people
> involved present and awake for the whole timespan of a point release.
> 
> (I.e. we started at about 19 UTC and finshed at 23:30 UTC.  The mirror
> push was supposed to happened after the next dinstall at 01:52 UTC.
> Due to a glitch the actual sync only happened after the ftp-master was
> awake again at 9:30 UTC.  And the press release came in even later, too.
> So not everything worked as expected on this one.)

I'm not detailed in the process (thanks for the explanation) and I
just made a suggestion in my intial mail about a possible improvement.
So if this unfortunate incident happend because of one time glitches,
no problem, but this still would not explain why
http://packages.debian.org is outdated.

So essentially there should be a canonical reliable way to obtain the
version numbers.

Greetings

          Helge

-- 
      Dr. Helge Kreutzmann                     debian@helgefjell.de
           Dipl.-Phys.                   http://www.helgefjell.de/debian.php
        64bit GNU powered                     gpg signed mail preferred
           Help keep free software "libre": http://www.ffii.de/
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#568141; Package release.debian.org. (Tue, 02 Feb 2010 20:27:17 GMT) Full text and rfc822 format available.

Message #16 received at 568141@bugs.debian.org (full text, mbox):

From: Philipp Kern <pkern@debian.org>
To: Helge Kreutzmann <debian@helgefjell.de>
Cc: 568141@bugs.debian.org
Subject: Re: Bug#568141: release.debian.org: Latest point release hard to follow / confusing
Date: Tue, 2 Feb 2010 21:08:10 +0100
[Message part 1 (text/plain, inline)]
On Tue, Feb 02, 2010 at 09:04:20PM +0100, Helge Kreutzmann wrote:
> I'm not detailed in the process (thanks for the explanation) and I
> just made a suggestion in my intial mail about a possible improvement.
> So if this unfortunate incident happend because of one time glitches,
> no problem, but this still would not explain why
> http://packages.debian.org is outdated.

I think there is a thread on d-www about the Greek mirror being out of
date.

Kind regards,
Philipp Kern
-- 
 .''`.  Philipp Kern                        Debian Developer
: :' :  http://philkern.de                         Stable Release Manager
`. `'   xmpp:phil@0x539.de                         Wanna-Build Admin
  `-    finger pkern/key@db.debian.org
[signature.asc (application/pgp-signature, inline)]

Reply sent to Julien Cristau <jcristau@debian.org>:
You have taken responsibility. (Fri, 13 May 2011 23:33:09 GMT) Full text and rfc822 format available.

Notification sent to Helge Kreutzmann <debian@helgefjell.de>:
Bug acknowledged by developer. (Fri, 13 May 2011 23:33:09 GMT) Full text and rfc822 format available.

Message #21 received at 568141-done@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: Helge Kreutzmann <debian@helgefjell.de>, 568141-done@bugs.debian.org
Subject: Re: Bug#568141: release.debian.org: Latest point release hard to follow / confusing
Date: Sat, 14 May 2011 01:31:16 +0200
On Tue, Feb  2, 2010 at 19:15:01 +0100, Helge Kreutzmann wrote:

> Recently a point release was shipped (being installed as I type). At
> the time of releasing (i.e. when apt saw it) no notice was available
> on www.debian.org to verify what was upgraded and the version.
> 
So don't upgrade until you get the announcement.  Closing this bug.

Cheers,
Julien




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#568141; Package release.debian.org. (Sat, 14 May 2011 08:24:19 GMT) Full text and rfc822 format available.

Acknowledgement sent to Helge Kreutzmann <debian@helgefjell.de>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 14 May 2011 08:24:20 GMT) Full text and rfc822 format available.

Message #26 received at 568141@bugs.debian.org (full text, mbox):

From: Helge Kreutzmann <debian@helgefjell.de>
To: Julien Cristau <jcristau@debian.org>
Cc: 568141@bugs.debian.org
Subject: Re: Bug#568141: release.debian.org: Latest point release hard to follow / confusing
Date: Sat, 14 May 2011 10:23:04 +0200
[Message part 1 (text/plain, inline)]
reopen 568141
thanks

Hello Julien,
On Sat, May 14, 2011 at 01:31:16AM +0200, Julien Cristau wrote:
> On Tue, Feb  2, 2010 at 19:15:01 +0100, Helge Kreutzmann wrote:
> 
> > Recently a point release was shipped (being installed as I type). At
> > the time of releasing (i.e. when apt saw it) no notice was available
> > on www.debian.org to verify what was upgraded and the version.
> > 
> So don't upgrade until you get the announcement.  Closing this bug.

Please read the entire bug report before closing. Reading only the
first paragraph might lead to jumping to wrong conclusions. (Also the
discussion already progressed in the bug trail btw.).

The next paragraph (which you deleted) reads:
 Now the News is up (News/2010/20100130.wml) and since it
 unfortunately as usual does not mention the new version of each software
 (which is done in every DSA) I as usual went to
 http://packages.debian.org/XXX
 for each package XXX to look for the latest version but to my suprise
 I saw the following:

... 

and then the bug report continues about inconsistencies between
various version reports on Debian sites. So it is clearly not about a
missing announcement and reading it ("News/2010/20100130.wml") does
not help (so in fact I even *did* get the announcement, though
"getting" it is another issue one could discuss).

Greetings

           Helge
-- 
      Dr. Helge Kreutzmann                     debian@helgefjell.de
           Dipl.-Phys.                   http://www.helgefjell.de/debian.php
        64bit GNU powered                     gpg signed mail preferred
           Help keep free software "libre": http://www.ffii.de/
[signature.asc (application/pgp-signature, inline)]

Did not alter fixed versions and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 14 May 2011 08:24:21 GMT) Full text and rfc822 format available.

Reply sent to Julien Cristau <jcristau@debian.org>:
You have taken responsibility. (Sat, 14 May 2011 08:36:11 GMT) Full text and rfc822 format available.

Notification sent to Helge Kreutzmann <debian@helgefjell.de>:
Bug acknowledged by developer. (Sat, 14 May 2011 08:36:11 GMT) Full text and rfc822 format available.

Message #33 received at 568141-done@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: Helge Kreutzmann <debian@helgefjell.de>
Cc: 568141-done@bugs.debian.org
Subject: Re: Bug#568141: release.debian.org: Latest point release hard to follow / confusing
Date: Sat, 14 May 2011 10:33:21 +0200
On Sat, May 14, 2011 at 10:23:04 +0200, Helge Kreutzmann wrote:

> reopen 568141
> thanks
> 
> Hello Julien,
> On Sat, May 14, 2011 at 01:31:16AM +0200, Julien Cristau wrote:
> > On Tue, Feb  2, 2010 at 19:15:01 +0100, Helge Kreutzmann wrote:
> > 
> > > Recently a point release was shipped (being installed as I type). At
> > > the time of releasing (i.e. when apt saw it) no notice was available
> > > on www.debian.org to verify what was upgraded and the version.
> > > 
> > So don't upgrade until you get the announcement.  Closing this bug.
> 
> Please read the entire bug report before closing. Reading only the
> first paragraph might lead to jumping to wrong conclusions. (Also the
> discussion already progressed in the bug trail btw.).
> 
> The next paragraph (which you deleted) reads:
>  Now the News is up (News/2010/20100130.wml) and since it
>  unfortunately as usual does not mention the new version of each software
>  (which is done in every DSA) I as usual went to
>  http://packages.debian.org/XXX
>  for each package XXX to look for the latest version but to my suprise
>  I saw the following:
> 
> ... 
> 
> and then the bug report continues about inconsistencies between
> various version reports on Debian sites. So it is clearly not about a
> missing announcement and reading it ("News/2010/20100130.wml") does
> not help (so in fact I even *did* get the announcement, though
> "getting" it is another issue one could discuss).
> 
This is still about the fact that you're expecting all debian.org
resources to be in sync at point release time.  I don't think that's
reasonable, the release process is complicated enough as it is.  Please
don't reopen.

Cheers,
Julien




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#568141; Package release.debian.org. (Sat, 14 May 2011 08:48:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Helge Kreutzmann <debian@helgefjell.de>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 14 May 2011 08:48:09 GMT) Full text and rfc822 format available.

Message #38 received at 568141@bugs.debian.org (full text, mbox):

From: Helge Kreutzmann <debian@helgefjell.de>
To: Julien Cristau <jcristau@debian.org>
Cc: 568141@bugs.debian.org
Subject: Re: Bug#568141: release.debian.org: Latest point release hard to follow / confusing
Date: Sat, 14 May 2011 10:44:37 +0200
[Message part 1 (text/plain, inline)]
Hello Julien,
On Sat, May 14, 2011 at 10:33:21AM +0200, Julien Cristau wrote:
> This is still about the fact that you're expecting all debian.org
> resources to be in sync at point release time.  I don't think that's
> reasonable, the release process is complicated enough as it is.  Please
> don't reopen.
 
I'm not saying it is easy, I'm not saying that this is a "must fix",
I'm not saying someone is to blame, etc.

But you are saying: "This is a problem (bug) but I don't want to see a
report about it?" I belived that Debian is not hiding problems. And,
the bts has a tag called "wontfix" to indicate a problem a fix cannot
be found.

I hope you can enlighten me why this problem should not be documented
in the bts.

Greetings

           Helge


-- 
      Dr. Helge Kreutzmann                     debian@helgefjell.de
           Dipl.-Phys.                   http://www.helgefjell.de/debian.php
        64bit GNU powered                     gpg signed mail preferred
           Help keep free software "libre": http://www.ffii.de/
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#568141; Package release.debian.org. (Sat, 14 May 2011 10:45:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 14 May 2011 10:45:05 GMT) Full text and rfc822 format available.

Message #43 received at 568141@bugs.debian.org (full text, mbox):

From: Luk Claes <luk@debian.org>
To: Helge Kreutzmann <debian@helgefjell.de>, 568141@bugs.debian.org
Subject: Re: Bug#568141: release.debian.org: Latest point release hard to follow / confusing
Date: Sat, 14 May 2011 12:43:55 +0200
On 05/14/2011 10:44 AM, Helge Kreutzmann wrote:
> Hello Julien,
> On Sat, May 14, 2011 at 10:33:21AM +0200, Julien Cristau wrote:
>> This is still about the fact that you're expecting all debian.org
>> resources to be in sync at point release time.  I don't think that's
>> reasonable, the release process is complicated enough as it is.  Please
>> don't reopen.
>  
> I'm not saying it is easy, I'm not saying that this is a "must fix",
> I'm not saying someone is to blame, etc.
> 
> But you are saying: "This is a problem (bug) but I don't want to see a
> report about it?" I belived that Debian is not hiding problems. And,
> the bts has a tag called "wontfix" to indicate a problem a fix cannot
> be found.
> 
> I hope you can enlighten me why this problem should not be documented
> in the bts.

There currently are mails to inform people of upcoming point releases
and mails to announce point releases when everything is available on the
mirror network. What is it that you are still missing and what exactly
can be done to get that fixed?

Cheers

Luk




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#568141; Package release.debian.org. (Sat, 14 May 2011 15:15:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Helge Kreutzmann <debian@helgefjell.de>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 14 May 2011 15:15:04 GMT) Full text and rfc822 format available.

Message #48 received at 568141@bugs.debian.org (full text, mbox):

From: Helge Kreutzmann <debian@helgefjell.de>
To: Luk Claes <luk@debian.org>
Cc: 568141@bugs.debian.org
Subject: Re: Bug#568141: release.debian.org: Latest point release hard to follow / confusing
Date: Sat, 14 May 2011 17:13:39 +0200
[Message part 1 (text/plain, inline)]
Hello Luk,
On Sat, May 14, 2011 at 12:43:55PM +0200, Luk Claes wrote:
> On 05/14/2011 10:44 AM, Helge Kreutzmann wrote:
> > On Sat, May 14, 2011 at 10:33:21AM +0200, Julien Cristau wrote:
> >> This is still about the fact that you're expecting all debian.org
> >> resources to be in sync at point release time.  I don't think that's
> >> reasonable, the release process is complicated enough as it is.  Please
> >> don't reopen.
> >  
> > I'm not saying it is easy, I'm not saying that this is a "must fix",
> > I'm not saying someone is to blame, etc.
> > 
> > But you are saying: "This is a problem (bug) but I don't want to see a
> > report about it?" I belived that Debian is not hiding problems. And,
> > the bts has a tag called "wontfix" to indicate a problem a fix cannot
> > be found.
> > 
> > I hope you can enlighten me why this problem should not be documented
> > in the bts.
> 
> There currently are mails to inform people of upcoming point releases
> and mails to announce point releases when everything is available on the
> mirror network. What is it that you are still missing and what exactly
> can be done to get that fixed?

It is currently not clear which pages are current and which pages are
out of date regarding version numbers after point updates.

A fix could be some note on e.g. http://packages.debian.org/ that the
version numbers after point releases might be (slightly) out of date
and that in case of doubt http://packages.qa.debian.org/ should be
used.

Another fix was proposed in my initial bug report (why is nobody
reading this?) already:
 My suggestion: First update www.debian.org (*with* version numbers)
 and then push the update out to the mirrors. And secondly unify the
 versions given in http://packages.debian.org/XXX and
 http://packages.qa.debian.org/XXX (and in the latter also where the
 latest one is printed).

Hope this clarifies.

Do you agree to reopen this bug now? (After having explained the initial 
report again and having proposed two possible solutions)

Thanks!

Greetings

              Helge

P.S. And of course, adding version numbers in the NEWS on
www.debian.org, e.g. News/2010/20100130.wml, would also solve the
immediate problem ...
-- 
      Dr. Helge Kreutzmann                     debian@helgefjell.de
           Dipl.-Phys.                   http://www.helgefjell.de/debian.php
        64bit GNU powered                     gpg signed mail preferred
           Help keep free software "libre": http://www.ffii.de/
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#568141; Package release.debian.org. (Sat, 14 May 2011 15:45:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 14 May 2011 15:45:03 GMT) Full text and rfc822 format available.

Message #53 received at 568141@bugs.debian.org (full text, mbox):

From: Luk Claes <luk@debian.org>
To: Helge Kreutzmann <debian@helgefjell.de>, 568141@bugs.debian.org
Subject: Re: Bug#568141: release.debian.org: Latest point release hard to follow / confusing
Date: Sat, 14 May 2011 17:42:23 +0200
On 05/14/2011 05:13 PM, Helge Kreutzmann wrote:
> Hello Luk,
> On Sat, May 14, 2011 at 12:43:55PM +0200, Luk Claes wrote:
>> On 05/14/2011 10:44 AM, Helge Kreutzmann wrote:
>>> On Sat, May 14, 2011 at 10:33:21AM +0200, Julien Cristau wrote:
>>>> This is still about the fact that you're expecting all debian.org
>>>> resources to be in sync at point release time.  I don't think that's
>>>> reasonable, the release process is complicated enough as it is.  Please
>>>> don't reopen.
>>>  
>>> I'm not saying it is easy, I'm not saying that this is a "must fix",
>>> I'm not saying someone is to blame, etc.
>>>
>>> But you are saying: "This is a problem (bug) but I don't want to see a
>>> report about it?" I belived that Debian is not hiding problems. And,
>>> the bts has a tag called "wontfix" to indicate a problem a fix cannot
>>> be found.
>>>
>>> I hope you can enlighten me why this problem should not be documented
>>> in the bts.
>>
>> There currently are mails to inform people of upcoming point releases
>> and mails to announce point releases when everything is available on the
>> mirror network. What is it that you are still missing and what exactly
>> can be done to get that fixed?
> 
> It is currently not clear which pages are current and which pages are
> out of date regarding version numbers after point updates.
> 
> A fix could be some note on e.g. http://packages.debian.org/ that the
> version numbers after point releases might be (slightly) out of date
> and that in case of doubt http://packages.qa.debian.org/ should be
> used.

This has nothing to do with release.debian.org, but with syncs the
website and QA teams are responsible of AFAICT.

> Another fix was proposed in my initial bug report (why is nobody
> reading this?) already:
>  My suggestion: First update www.debian.org (*with* version numbers)
>  and then push the update out to the mirrors. And secondly unify the
>  versions given in http://packages.debian.org/XXX and
>  http://packages.qa.debian.org/XXX (and in the latter also where the
>  latest one is printed).

The website update should only happen once the mirrors are populated
according to the mirror team which makes perfectly sense to me.

> Hope this clarifies.
> 
> Do you agree to reopen this bug now? (After having explained the initial 
> report again and having proposed two possible solutions)

I'm afraid you'll get nowhere by reopening the bug. The sync scripts for
packages.debian.org and packages.qa.debian.org are suboptimal in that
they show out-of-date information also when there is no point release.
So that might be something to look at by the website and/or QA teams.

> P.S. And of course, adding version numbers in the NEWS on
> www.debian.org, e.g. News/2010/20100130.wml, would also solve the
> immediate problem ...

That might be possible, though would need some better integration of the
tools (patches are probably welcome) and coordination with the press
team that they are fine with the changes.

Cheers

Luk




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#568141; Package release.debian.org. (Sat, 14 May 2011 15:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Helge Kreutzmann <debian@helgefjell.de>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 14 May 2011 15:51:03 GMT) Full text and rfc822 format available.

Message #58 received at 568141@bugs.debian.org (full text, mbox):

From: Helge Kreutzmann <debian@helgefjell.de>
To: Luk Claes <luk@debian.org>
Cc: 568141@bugs.debian.org
Subject: Re: Bug#568141: release.debian.org: Latest point release hard to follow / confusing
Date: Sat, 14 May 2011 17:50:02 +0200
[Message part 1 (text/plain, inline)]
reopen 568141
reassign 568141 www.debian.org
retitle 568141 Syncing of version numbers after point release should be more explicit

Hello Luk,
On Sat, May 14, 2011 at 05:42:23PM +0200, Luk Claes wrote:
> On 05/14/2011 05:13 PM, Helge Kreutzmann wrote:
> > On Sat, May 14, 2011 at 12:43:55PM +0200, Luk Claes wrote:
> >> On 05/14/2011 10:44 AM, Helge Kreutzmann wrote:
> >>> On Sat, May 14, 2011 at 10:33:21AM +0200, Julien Cristau wrote:
> >>>> This is still about the fact that you're expecting all debian.org
> >>>> resources to be in sync at point release time.  I don't think that's
> >>>> reasonable, the release process is complicated enough as it is.  Please
> >>>> don't reopen.
> >>>  
> >>> I'm not saying it is easy, I'm not saying that this is a "must fix",
> >>> I'm not saying someone is to blame, etc.
> >>>
> >>> But you are saying: "This is a problem (bug) but I don't want to see a
> >>> report about it?" I belived that Debian is not hiding problems. And,
> >>> the bts has a tag called "wontfix" to indicate a problem a fix cannot
> >>> be found.
> >>>
> >>> I hope you can enlighten me why this problem should not be documented
> >>> in the bts.
> >>
> >> There currently are mails to inform people of upcoming point releases
> >> and mails to announce point releases when everything is available on the
> >> mirror network. What is it that you are still missing and what exactly
> >> can be done to get that fixed?
> > 
> > It is currently not clear which pages are current and which pages are
> > out of date regarding version numbers after point updates.
> > 
> > A fix could be some note on e.g. http://packages.debian.org/ that the
> > version numbers after point releases might be (slightly) out of date
> > and that in case of doubt http://packages.qa.debian.org/ should be
> > used.
> 
> This has nothing to do with release.debian.org, but with syncs the
> website and QA teams are responsible of AFAICT.

So it would be sensible to reassign this to www.debian.org?

> > Another fix was proposed in my initial bug report (why is nobody
> > reading this?) already:
> >  My suggestion: First update www.debian.org (*with* version numbers)
> >  and then push the update out to the mirrors. And secondly unify the
> >  versions given in http://packages.debian.org/XXX and
> >  http://packages.qa.debian.org/XXX (and in the latter also where the
> >  latest one is printed).
> 
> The website update should only happen once the mirrors are populated
> according to the mirror team which makes perfectly sense to me.

Fine, a note along this could be put on the above mentioned pages as
well.

> > Hope this clarifies.
> > 
> > Do you agree to reopen this bug now? (After having explained the initial 
> > report again and having proposed two possible solutions)
> 
> I'm afraid you'll get nowhere by reopening the bug. The sync scripts for
> packages.debian.org and packages.qa.debian.org are suboptimal in that
> they show out-of-date information also when there is no point release.
> So that might be something to look at by the website and/or QA teams.

Well, identifying a problem is the first step, even if no (immediate)
fix is possible. So that's no reason not to reopen, even if this bug
has to remain open for some time to come.

And again, reassigning to the www.debian.org seems to make perfectly
sense to me now.

> > P.S. And of course, adding version numbers in the NEWS on
> > www.debian.org, e.g. News/2010/20100130.wml, would also solve the
> > immediate problem ...
> 
> That might be possible, though would need some better integration of the
> tools (patches are probably welcome) and coordination with the press
> team that they are fine with the changes.

Given that again this happens on the website, I will reopen this bug
now and assign it to www.debian.org for their evaluation.

Greetings

           Helge
-- 
      Dr. Helge Kreutzmann                     debian@helgefjell.de
           Dipl.-Phys.                   http://www.helgefjell.de/debian.php
        64bit GNU powered                     gpg signed mail preferred
           Help keep free software "libre": http://www.ffii.de/
[signature.asc (application/pgp-signature, inline)]

Did not alter fixed versions and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 14 May 2011 15:51:07 GMT) Full text and rfc822 format available.

Bug reassigned from package 'release.debian.org' to 'www.debian.org'. Request was from Helge Kreutzmann <debian@helgefjell.de> to control@bugs.debian.org. (Sat, 14 May 2011 15:51:07 GMT) Full text and rfc822 format available.

Changed Bug title to 'Syncing of version numbers after point release should be more explicit' from 'release.debian.org: Latest point release hard to follow / confusing' Request was from Helge Kreutzmann <debian@helgefjell.de> to control@bugs.debian.org. (Sat, 14 May 2011 15:51:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian WWW Team <debian-www@lists.debian.org>:
Bug#568141; Package www.debian.org. (Sat, 14 May 2011 16:00:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian WWW Team <debian-www@lists.debian.org>. (Sat, 14 May 2011 16:00:03 GMT) Full text and rfc822 format available.

Message #69 received at 568141@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: Helge Kreutzmann <debian@helgefjell.de>, 568141@bugs.debian.org
Cc: Luk Claes <luk@debian.org>
Subject: Re: Bug#568141: release.debian.org: Latest point release hard to follow / confusing
Date: Sat, 14 May 2011 17:57:55 +0200
On Sat, May 14, 2011 at 17:50:02 +0200, Helge Kreutzmann wrote:

> So it would be sensible to reassign this to www.debian.org?
> 
No, it would be sensible to drop this instead of wasting more people's
time on a non-issue.

Cheers,
Julien




Information forwarded to debian-bugs-dist@lists.debian.org, Debian WWW Team <debian-www@lists.debian.org>:
Bug#568141; Package www.debian.org. (Sat, 14 May 2011 16:54:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to David Prévot <david@tilapin.org>:
Extra info received and forwarded to list. Copy sent to Debian WWW Team <debian-www@lists.debian.org>. (Sat, 14 May 2011 16:54:03 GMT) Full text and rfc822 format available.

Message #74 received at 568141@bugs.debian.org (full text, mbox):

From: David Prévot <david@tilapin.org>
To: 568141@bugs.debian.org, Helge Kreutzmann <debian@helgefjell.de>
Cc: Julien Cristau <jcristau@debian.org>, Luk Claes <luk@debian.org>
Subject: Re: Bug#568141: release.debian.org: Latest point release hard to follow / confusing
Date: Sat, 14 May 2011 12:51:16 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

user www.debian.org@packages.debian.org
usertags 568141 packages
tags 568141 wishlist
thanks

Le 14/05/2011 11:57, Julien Cristau a écrit :
> On Sat, May 14, 2011 at 17:50:02 +0200, Helge Kreutzmann wrote:
> 
>> So it would be sensible to reassign this to www.debian.org?
>>
> No, it would be sensible to drop this instead of wasting more people's
> time on a non-issue.

Seems like the most sensible approach to me too…

>>>> On 05/14/2011 10:44 AM, Helge Kreutzmann wrote:

>>> Another fix was proposed in my initial bug report (why is nobody
>>> reading this?) already:

Please don't assume that every other person is just a dummy or silly one
who can't read (imagine what people may think of someone who makes such
assumption)…

>>>  And secondly unify the
>>>  versions given in http://packages.debian.org/XXX and
>>>  http://packages.qa.debian.org/XXX (and in the latter also where the
>>>  latest one is printed).

Already done, some glitches may delay the update, that's all.

Mentioning on every packages.d.o page that the version might be newer in
the actual repository doesn't really make sense to me, maybe a note in
the about page [0] to describe a bit more how it works could be welcome
(and make this page translatable would also be a good idea ;-).

[0] http://packages.debian.org/about/

Regards

David

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJNzrLuAAoJELgqIXr9/gny4qAQAJDLsjjrSkSUFScC82kl4UFO
4JfZaKbTdVVuHnMjvb7Lnl/fFwEz9oE/fo79p7tpGGYRRWKqIqKvlsFm+z2EkC11
p1cV4ubwdLWU09sGDikZmMi3kHaHEfC2QMLnZXWFkoZjM4X2u8LIdDt6lBourngd
O4fWRnF2SelIYlfUdz1CO3i6fV0zYR1/co/Y26LEC0O2sYQo90u+RkV8+619q6nT
Gq5NHHx6ybvlVlZzLTOroZv0Fjt60pAGqPorerR3W9Df3dGHrj9LCLY0JZw64FvA
PnXuTRERMsr+kmBTbwi4MuOaSjR77mZV+UYD+hys/f1m9HSijKNrbIgPh2LOZ0uI
GjguglXiK8UH/1LwWUY28E9aKaYajliMOSmBkVe7OnY4VTnQdcJCG648FVML+k8L
AbWpUuTTCl741Cev3GhiADFPRf7bCpuOwcGRUIcwqs8RFEGH/+0U7/olS2p83PNR
ZNRH6h5ZEAVQMZpzSbFggvD1BV8C8D3ffO9OBFI7pxPH8E/nvI2UA82wYJMjPoFo
dKBacFK26YPMxP5oUS+gI7fxlUUPG52imkSnsx3mG3UZDc2LbM5bmjPHkhFl5SI6
+SpwOrnBuRqgJWfLQbWW9rXrTcoGeSEOmpXEVOXfaW29QbaPusP2ruwYhZhzNSg+
583ajL7QnoJ1GjeeD3aP
=R3fV
-----END PGP SIGNATURE-----




Severity set to 'wishlist' from 'important' Request was from David Prévot <david@tilapin.org> to control@bugs.debian.org. (Sat, 14 May 2011 23:39:02 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian WWW Team <debian-www@lists.debian.org>:
Bug#568141; Package www.debian.org. (Sun, 15 May 2011 11:45:02 GMT) Full text and rfc822 format available.

Message #79 received at 568141@bugs.debian.org (full text, mbox):

From: Philipp Kern <pkern@debian.org>
To: Helge Kreutzmann <debian@helgefjell.de>, 568141@bugs.debian.org
Cc: press@debian.org, debian-www@lists.debian.org
Subject: Re: Bug#568141: release.debian.org: Latest point release hard to follow / confusing
Date: Sun, 15 May 2011 13:40:57 +0200
[Message part 1 (text/plain, inline)]
On Tue, Feb 02, 2010 at 07:15:01PM +0100, Helge Kreutzmann wrote:
> Upgrading a system is a delicate process. Since there is no DSA I've to
> rely on www.debian.org that everything is ok. A very basic check is
> the version number. For this update it was *hard* to check it.

That source isn't trustable given that it's not secured in any way.
What's trustable is the trust chain to the update, including the sources.
So you're of course free to fetch the sources and to check them against
snapshots.d.o (iff there's a way to verify the latter, as the old
versions are only kept for a few days post-point-release).

Apart from that all we'd need would be a "correction" wml tag that
actually takes and displays a version.  It'd be easy to generate the
wml input based on that, given that it's template-based[1] already.

Kind regards,
Philipp Kern

[1] http://git.debian.org/?p=debian-release/release-tools.git;a=blob;f=scripts/TEMPLATE.wml;h=ffc36fbd8f836fa558f4c28780c2a0701962e80d;hb=HEAD
-- 
 .''`.  Philipp Kern                        Debian Developer
: :' :  http://philkern.de                         Stable Release Manager
`. `'   xmpp:phil@0x539.de                         Wanna-Build Admin
  `-    finger pkern/key@db.debian.org
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian WWW Team <debian-www@lists.debian.org>:
Bug#568141; Package www.debian.org. (Mon, 16 May 2011 13:21:21 GMT) Full text and rfc822 format available.

Acknowledgement sent to Alexander Reichle-Schmehl <tolimar@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian WWW Team <debian-www@lists.debian.org>. (Mon, 16 May 2011 13:21:23 GMT) Full text and rfc822 format available.

Message #84 received at 568141@bugs.debian.org (full text, mbox):

From: Alexander Reichle-Schmehl <tolimar@debian.org>
To: 568141@bugs.debian.org
Subject: Re: Bug#568141: release.debian.org: Latest point release hard to follow / confusing
Date: Mon, 16 May 2011 15:19:32 +0200
Hi!

* Luk Claes <luk@debian.org> [110514 17:42]:

> > P.S. And of course, adding version numbers in the NEWS on
> > www.debian.org, e.g. News/2010/20100130.wml, would also solve the
> > immediate problem ...
> That might be possible, though would need some better integration of the
> tools (patches are probably welcome) and coordination with the press
> team that they are fine with the changes.

Given that there is a reliable way to verify the integrity of updates,
which is far supperior to access untrusted websites, I don't see a bug
per se, and as we don't add new upstream versions, I don't think the
newly shipped versions should be named in the announcement (it is
already kind of ugly and boring).

Best Regards,
  Alexander




Added tag(s) wontfix. Request was from Simon Paillard <spaillard@mraw.org> to control@bugs.debian.org. (Tue, 22 Oct 2013 20:27:04 GMT) Full text and rfc822 format available.

Marked Bug as done Request was from Simon Paillard <spaillard@mraw.org> to control@bugs.debian.org. (Tue, 22 Oct 2013 20:27:14 GMT) Full text and rfc822 format available.

Notification sent to Helge Kreutzmann <debian@helgefjell.de>:
Bug acknowledged by developer. (Tue, 22 Oct 2013 20:27:15 GMT) Full text and rfc822 format available.

Message sent on to Helge Kreutzmann <debian@helgefjell.de>:
Bug#568141. (Tue, 22 Oct 2013 20:27:33 GMT) Full text and rfc822 format available.

Message #93 received at 568141-submitter@bugs.debian.org (full text, mbox):

From: Simon Paillard <spaillard@mraw.org>
To: control@bugs.debian.org
Cc: 568141-submitter@bugs.debian.org
Subject: closing 568141
Date: Tue, 22 Oct 2013 22:24:15 +0200
close 568141 
thanks

atomic release across all debian.org services not realistic today.

-- 
Simon Paillard



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 20 Nov 2013 07:32:17 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 12:01:13 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.