-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2010-08-03 18:45, Marcus Rueckert wrote:
nobody is brushing issues asside. I have been working 2-3 hours or so today on getting things moving.
Yes, they have. The bugzilla has been closed several times as WONTFIX, that is, will not fix. So, go away, that's what they told me.
The way he was discussing the issue and behaving if people didnt 100% followed his view, wasnt really constructive at all. Even after we pointed out that his claims had been wrong.
So instead of whining on as many lists/channels as possible, it would have been way more productive to ask people
"is it possible to fix the keys and how?" "how is the best way to notify them? "who can help me with that?" "how can we improve it in the future"
Nobody told me how to report or handle this. It is not documented. I'm not a packager, I know next to nothing about how the OBS works. The report started in the forum. I verified the issue. I considered it a security issue, a grave and urgent one, although it does not affect me. So I thought I would report it officially on behalf of others. First I reported in a bugzilla, which I understand is the official communication method for bugs in the openSUSE project, and I waited about two days. No answer. Then I reported on the project list, and waited one or two days more. No answer. Then I reported on the security list, and only then I started to see a reaction, namely, close the issue as wontfix. Nobody took the time to tell me: "ok, we'll take this over to the packaging list", or where ever is appropriate. Most took time to rebate that it was not an issue, that the sample repo I gave was corrected, that it was not their problem, whatever. Few people have been helpful. It appears that somebody (you say you worked some hours in this and I believe you) did take this to the packaging list (to which I'm not subscribed), and maintainers have started to correct their PGP keys - which remember is an important security issue - but nobody took the time to drop me a line saying that they were handling this. Nobody. And from the little I'm reading here (I'm not subscribed to the packaging list, no idea what has been said there), it appears that you (plural) are blaming me with not very kind words. That's what happens to somebody trying to help. For an issue that, let me remind you, does not affect me, but others for whom I took the burden of reporting. No more. (I have received kind letters, off list, even from people outside the project, about this. Thanks go to them) - -- Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkxYcB8ACgkQU92UU+smfQVHEACfQe0PyFyn1xwCGzcFm6aNv0dh s74AnjbCklWwHCyv4FBF7bnE8IGDCeCw =ws9N -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org