Re: Care of your packages Was: Accepted dh-ocaml 0.4.1~bpo50+1 (source all)
On Mon, 1 Feb 2010 22:24:45 +0100
Gerfried Fuchs <firstname.lastname@example.org> wrote:
> * Andres Salomon <email@example.com> [2010-02-01 19:20:00 CET]:
> > This conversation isn't about security fixes or bug fixes. It's
> > about new major versions of packages. New major versions of
> > packages often include more bugs than they fix.
> No, actually this discussion was triggered by an required
> build-dependencies for a backports which are in a too little version
> on backports to satisfy them and started to evolve into nitpicking
> (including from my part) different aspects of reasons for why one
> wouldn't want to upload a newer version and belittling valid reasons
> for changes other than just a single changelog entry that reads
> "rebuilt for backports".
..I'm not even sure what you just said. The original email complained
about dh-ocaml not being new enough, and asking people to keep their
backports up-to-date (including for major versions). I took exception
w/ the comment about major version updates; I'm convinced that they
should be done on an as-needed basis (where "as-needed" might include
security fixes, desired new features, major bugfixes, etc). However,
if (for example) the dh-ocaml in backports is working for people and
does not have any major security problems, there's no reason to
frivolously update it *until* some other backport depends upon it. At
that point, one can simply ask the original backporter to update it (or
do so if there's no response).
This is all imho, of course. I'd just personally prefer to not have to
deal w/ moving targets when using lenny-backports on my stable machines.
> Speaking about security fixes, could you kindly update gtk+2.0 for
> <http://osvdb.org/show/osvdb/61203> and libtool for DSA-1958-1?
>  <http://security-tracker.debian.org/tracker/TEMP-0000000-000214>
Sure, will get to that sometime this week (or weekend).