Hi Andres, just some notes. On Tuesday 02 February 2010 04:36:12 Andres Salomon wrote: > ..I'm not even sure what you just said. The original email complained > about dh-ocaml not being new enough, and asking people to keep their > backports up-to-date (including for major versions). I took exception > w/ the comment about major version updates; I'm convinced that they > should be done on an as-needed basis (where "as-needed" might include > security fixes, desired new features, major bugfixes, etc). However, Rhonda did mention packages you uploaded, which needs to be updated. More later. > if (for example) the dh-ocaml in backports is working for people and > does not have any major security problems, there's no reason to > frivolously update it *until* some other backport depends upon it. At There was a package, which depend on it. The depency could be lowered, but this wasn't clear looking into the packaging. But anyhow, my fault. > This is all imho, of course. I'd just personally prefer to not have to > deal w/ moving targets when using lenny-backports on my stable machines. Okay .... so lets summarize this point. There maybe different expectations from backports. Some people may want recent versions of some packages and other people want anything between this and a stable distibution. Personly I don't have a general preference, cause this may depend on the specific package. > > Speaking about security fixes, could you kindly update gtk+2.0 for > > <http://osvdb.org/show/osvdb/61203> and libtool for DSA-1958-1? > >  <http://security-tracker.debian.org/tracker/TEMP-0000000-000214> > > Sure, will get to that sometime this week (or weekend). Lets come back to the update on "an as-needed basis". This an good example of the complete opposite what I did with dh-ocaml. I guess it may be a result of missing tracking tools, but for both issues where fixes available at least since december. You can burn my at the pyre, but this is one of the major problems of backporting. Uploaded packages with less or even without care (no, I'm not talking about any special package). Thanks Rhonda for doing the great security work of backports.org. Once again, yes I was overshooting uploading dh-ocaml, but it is close to my heart getting backports.org into better a shape, even if dh-ocaml is now worse, which was not my intention. With kind regards, Jan. -- Never write mail to <firstname.lastname@example.org>, you have been warned! -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GIT d-- s+: a C+++ UL++++ P+ L+++ E--- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h---- r+++ y++++ ------END GEEK CODE BLOCK------
Description: This is a digitally signed message part.