[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Care of your packages Was: Accepted dh-ocaml 0.4.1~bpo50+1 (source all)

Hi Andres,

just some notes.

On Tuesday 02 February 2010 04:36:12 Andres Salomon wrote:
> ..I'm not even sure what you just said.  The original email complained
> about dh-ocaml not being new enough, and asking people to keep their
> backports up-to-date (including for major versions).  I took exception
> w/ the comment about major version updates; I'm convinced that they
> should be done on an as-needed basis (where "as-needed" might include
> security fixes, desired new features, major bugfixes, etc).  However,

Rhonda did mention packages you uploaded, which needs to be updated. More 

> if (for example) the dh-ocaml in backports is working for people and
> does not have any major security problems, there's no reason to
> frivolously update it *until* some other backport depends upon it.  At

There was a package, which depend on it. The depency could be lowered, but 
this wasn't clear looking into the packaging. But anyhow, my fault.

> This is all imho, of course.  I'd just personally prefer to not have to
> deal w/ moving targets when using lenny-backports on my stable machines.

Okay .... so lets summarize this point. There maybe different expectations 
from backports. Some people may want recent versions of some packages and 
other people want anything between this and a stable distibution. Personly I 
don't have a general preference, cause this may depend on the specific 

> >  Speaking about security fixes, could you kindly update gtk+2.0 for
> > <http://osvdb.org/show/osvdb/61203>[1] and libtool for DSA-1958-1?
> > [1] <http://security-tracker.debian.org/tracker/TEMP-0000000-000214>
> Sure, will get to that sometime this week (or weekend).

Lets come back to the update on "an as-needed basis". This an good example of 
the complete opposite what I did with dh-ocaml. I guess it may be a result of 
missing tracking tools, but for both issues where fixes available at least 
since december.
You can burn my at the pyre, but this is one of the major problems of 
backporting. Uploaded packages with less or even without care (no, I'm not 
talking about any special package).
Thanks Rhonda for doing the great security work of backports.org.

Once again, yes I was overshooting uploading dh-ocaml, but it is close to my 
heart getting backports.org into better a shape, even if dh-ocaml is now 
worse, which was not my intention.

With kind regards, Jan.
Never write mail to <waja@spamfalle.info>, you have been warned!
Version: 3.12
GIT d-- s+: a C+++ UL++++ P+ L+++ E--- W+++ N+++ o++ K++ w--- O M V- PS PE Y++
PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h---- r+++ y++++ 

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: