Re: Advice needed: update-manager in wheezy considered dangerous

[Emilio Pozuelo Monfort <pochu@debian.org>]

Hi Julian,

On 12/03/13 00:42, Julian Andres Klode wrote:
> Dear release team, I report this problem as we have switched our package management
> stack in wheezy from update-manager and other components to PackageKit. Those
> old components are still in wheezy however, and especially update-manager can
> be considered to be horribly dangerous: It might break systems or contain extreme
> security issues as it has not seen someone really care about it since 2 years.
>
> We cannot simply remove update-manager however, as there are reverse
> dependencies. The most important ones appear to be:
>
>    * upgrade-system
>    * update-notifier
>
> We could simply drop upgrade-system from testing. For update-notifier, we cannot
> do this, as update-notifier-kde depends on update-notifier-common, and there are
> no other notifiers for KDE AFAIK. I could however upload an empty update-notifier
> package (for GNOME) that switches the user to the PackageKit notifier, thus
> removing that reverse dependency.
>
> Summary of the proposed solution:
> 	1. Remove upgrade-system from testing
> 	2. Replace update-notifier binary package with a package transitioning
>             users to gnome-packagekit
>          3. Remove update-manager from testing or transition users to PackageKit

I think it's time to do something like this in unstable.

Regards,
Emilio

> Please let me know what you think, and if I missed something.
>
> PS: Yes, I know that we're late in freeze, but I feel that we should not have
> that package in a stable release.
>
> PPS: Please keep me CCed (and maybe pkg-gnome-maintainers as well)
>
>
>
> _______________________________________________
> pkg-gnome-maintainers mailing list
> pkg-gnome-maintainers@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-gnome-maintainers