On Thu, 2016-05-19 at 11:45 +0000, Holger Levsen wrote: > Hi, > > appearantly some maintainers don't want to support backports in > wheezy-backports anymore, saying wheezy is oldstable now (und > unsupported by Debian proper, "just" maintained by the Debian LTS team.) Some backports maintainers didn't keep their packages up to date even before the transition to LTS. Quite possibly the same ones? > In a way, that's a fair stand, as when they agreed to support the backport > for the life time of wheezy, it probably wasn't clear that this means > "until 2018" and not until 2016. (Wheezy-LTS was rather recently > implemented.) > > OTOH, having unsupported backports with known security vulnerabilities > is bad. So an option would be to _close_ wheezy-backports _now_, also to > communicate this issue to the users. What does 'close' mean? To remove the suite? That would be a very blunt way to communicate with our users, and a disservice to those who are happily using backports that are kept up to date (or haven't needed updates). It is a good reason to think again about we present the support status of backports and other suites to our users. Should they be expected to monitor a particular list? Install a package? Should APT support some kind of metadata indicating packages that are now unsupported? > Removing individual backports from wheezy-bpo is both error prone and > manual busy work on the shoulders of the bpo admins, who wouldn't want > to do this job. > > Alternativly, the backports maintainers would need to agree to maintain > those backports for two more years. > > What do you think? I think this question has to be answered by each maintainer independently. But I realise that it would take a fair amount of work for the backports administrators to process the answers, even if it's only one time every 2 years. Ben. -- Ben Hutchings Experience is what causes a person to make new mistakes instead of old ones.
Attachment:
signature.asc
Description: This is a digitally signed message part