> In my opinion it's very good when backports is default in sources.list. >My opinion is that I don't want to push ticking time bombs into the >hands of our users. And that's exactly what defaulting to enabling >backports was. You pointed out that apt will happily install a package from backports if it is not available in the base suite, which might mean that you don't realize that you are going to install something from backports because you didn't explicitly ask for it... However, I don't see how this is a 'ticking time bomb', that seems a tad hyperbolic. If someone wanted to install 'zmap' on wheezy, they do apt-get install zmap, find out there is no zmap package available, what happens next from my observations is they either give up thinking that the package just isn't available in debian, or they enable backports and then install zmap. The first one seems worth fixing, the second seems worth making easier. If you install zmap from backports and see that it is pulling from backports during the install and you really didn't want things from backports for some reason (and I can't think of a reason), you can always interrupt the process, or just remove the package after its finished installing. Backports isn't some rouge repository filled with broken packages that are uploaded by untrustworthy people. One of the first things I do on every debian stable system I install is add backports entries to sources.lists. One of the most frequent confusions of people I support, who are using Debian, is unavailability of packages. I tell them to install X package, and they say "its not in Debian" and then I have to discuss with them about how to discover that there is a package available in backports and how to enable it and get it. Simplifying this user experience seems worth it.
Attachment:
signature.asc
Description: PGP signature