Slashdot Mirror

← Back to Stories (view on slashdot.org)

Debian Refuses To Push Timezone Update For NZ DST

Posted by kdawson on from the does-anyone-really-know-what-time-it-is dept.

Jasper Bryant-Greene writes "Although a tzdata release that includes New Zealand's recent DST changes (2007f) has been out for some time, Debian are refusing to push the update from testing into the current stable distribution, codenamed Etch, on the basis that 'it's not a security bug.' This means that unless New Zealand sysadmins install the package manually, pull the package from testing, or alter the timezone to 'GMT-13' manually, all systems running Debian Etch in New Zealand currently have the incorrect time, as DST went into effect this morning. As one of the last comments in the bug report says, 'even Microsoft are not this silly.' The final comment (at this writing), from madcoder, says 'The package sits in volatile for months. Please take your troll elsewhere.'"

10 of 435 comments (clear)

  1. So there are no time based security attacks? by DrXym · · Score: 5, Insightful

    Assuming there are, or even the possibility that one could be crafted, it seems quite justifiable to call this a security fix. And aside from that, it's just dumb not to include it.

  2. Is it a security update? by Anonymous Coward · · Score: 5, Insightful

    Some systems may rely on the "wrong" timezone for their continued operation, so if it is indeed not a security update, and the policy for automatic updates is "security only", then not pushing the update is correct. If you need the timezone update, get it. It's not like they hide it from you.

    1. Re:Is it a security update? by dondelelcaro · · Score: 5, Insightful

      So pray explain why they pushed a timezone update for the US changes earlier in the year?

      It's not that the updates aren't going to be made, it's just that they're made via point releases, not security updates because they aren't a security bug.

      If you don't want to wait for a point release, the packages have been made available already via volatile and the backports area. It's trivial to add these to your sources.list and install the updated package.

      the reputation of Debian is being ruined by the ineptitude and down right stupidity of the management.

      You seem to not understand how Debian actually works. The management of Debian, such as it is, are the actual developers; the people who actually sit down and do the work. If you don't like the decisions that they make, you have two choices: jump in and help out or choose to use something different. The former will enable you to make decisions in the areas you work in, the latter means hoping that someone else is going to make decisions that you agree with. Choose whichever you prefer; presuming to dictate to those who actually are doing the work isn't one of those choices.

      --
      http://www.donarmstrong.com
  3. Debian did the right thing by Anonymous Coward · · Score: 5, Insightful

    In my opinion, Debian did the right thing here.

    This update is not security-related, so has no business being in the security update section. That's perfectly OK - Debian's security updates are completely safe to apply 99% of the time, because they do not change functionality. They only fix security bugs. Unlike Microsoft, Debian are not in the practice of shipping automatic updates that change functionality.

    The update has been posted to the volatile repository, which is intended for things that change frequently, like timezone data. It can be installed from there right now - any of these people complaining could have simply installed the patch at any time over the past several months. The update has also been pushed to the updates repository, for inclusion in the next point release of Etch.

    I don't see the problem here.

  4. Either you don't get it or you're a troll. by babbling · · Score: 5, Insightful

    Debian have promised their users that only security updates will be rolled out and that they will not release any updates that change the normal behavior of programs. They do this because Debian gets run on lots of mission-critical servers where they don't want a program changing its behavior via an "update".

    Rolling clocks forward by two hours is a pretty huge change in behavior for some servers, and there isn't much of a security risk in not rolling out the update automatically, so they're not going to.

    They're doing the right thing.

  5. Re:Debian keeps getting sillier every day. by Ewan · · Score: 5, Insightful

    I dont think the correct time is a bleeding edge feature is it?

  6. This points to a wider problem... by b0s0z0ku · · Score: 5, Insightful

    abolish DST! It was silly in the early 1900s when the majority of workers worked in factories, mills, or on farms. It's sillier in 2007. Get rid of that stupidity once and for all.

  7. Re:Debian actually did release it for Stable. It's by RAMMS+EIN · · Score: 5, Insightful

    This is what usually happens when something Debian-policy-related happens and is touted as silly:

    1. I think: How silly of them. Just like Debian to do something stubborn and annoying like that.
    2. Then I read the argumentation, the policy that led them to the decision.
    3. I find myself agreeing with the policy and thus accepting the decision as the Right Thing.
    4. I find someone, usually in the Debian project itself, has come up with a solution for those who don't like the decision.

    The more time passes, the more I like Debian. They have policies that are good and they stick to them. When the policy causes them to do something that people don't like, they provide a workaround. With Debian, you can have your cake and eat it. Exclusively free software? Check. Proprietary software when you do want it? Check. Stable system that stays the same for years? Check. Recent versions of packages when you want them? Check. Support in the package manager for mixing and matching? Check. Oh, and they had dependencies figured out and working well long before any other distro I'm aware of. Debian isn't perfect, but it comes frighteningly close sometimes.

    --
    Please correct me if I got my facts wrong.
  8. Re:Volatile versus update by Ultra64 · · Score: 5, Insightful

    Maybe he said 'fucking' because he fucking wanted to.

  9. Re:Volatile versus update by tylernt · · Score: 5, Insightful

    I solved this problem by changing wholesale to GMT/UTC on all of our servers, Linux and Windows. Now we never have to worry about another stupid DST or TZ change again, including MS charging $4K for a patch that should be free. It also makes life easier for people outside our TZ who use our servers.

    I just learned that I go to work at 3pm in the morning and head home at 11pm. It's not hard. I wish the world would switch to GMT, it would make everything so much easier. Businesses can have summer hours if they wish to take advantage of the longer days.

    Of course, the desktops are all still on local time. There would be a pitchforks-and-torches uprising if you tried to change that. ;)

    --
    DRM 'manages access' in the same way that a prison 'manages freedom'