Re: RFC: allow new upstream into stable when it's the only way to fix security issues.

["Nikita V. Youshchenko" <yoush@cs.msu.su>]

> On Sun, 2005-07-31 at 23:10 +0400, Nikita V. Youshchenko wrote:
> > (3) allow new upstream into stable.
>
> But, how would be the proposed process for this software?
>
> I mean, should they also have some kind of grace period after uploading
> to unstable? Would it enter stable after unstable? Or after testing? Or
> would it enter stable directly without any kind of testing period? All
> upstream releases would go into stable, or only those fixing non-trivial
> bugs? How would we be able to remain security and stability on sarge
> with this?

This all is discussable.

I think that new upstream should be allowed into stable only when it's 
clear that there is no other way to fix a critical problem. The decision 
should be made individually to each version.
Moving through unstable and even testing is probably not an option because 
of library differences.
So either packages should go directly, or after a short testing period 
through somethibng like proposed-updates.

Since such cases should be very rare, they may be handled manually (so 
infrastructure changes are not needed). For the same reason, I don't think 
that stability risks are high.