On 06/26/2011 10:47 AM, Gerfried Fuchs wrote:
Hi! * Michael Gilbert<michael.s.gilbert@gmail.com> [2011-06-19 16:19:28 CEST]:On Sun, 19 Jun 2011 15:51:56 +0200 Alexander Wirt wrote:Giuseppe Iuculano schrieb am Sunday, den 19. June 2011:On 06/19/2011 03:30 PM, Michael Gilbert wrote:I've prepared squeeze backports for fglrx and chromium-browser (and gyp and libv8 dependencies). Would anyone be so kind as to review and upload if these look good?* allow squeeze's libvpx0 0.9.1 to satisfy dependencies (spot-checked some webm videos and they seem to work just fine with this older version). Don't do this, please. chromium 11 needs libvpx0>= 0.9.6, see #618621All of the links in that bug report seem to work ok. I wonder if that was just some backwards compatibility lost in version 10's development and fixed later.for a complex beast like chromium I would prefer to have either the original maintainer or a really experienced debian developer as maintainer of the backport. Probably we would reject the package if we are not sure if the uploader/maintainer isn't able to handle it.Personally, I see no problem handling this. It will just be a matter of keeping up with the numerous updates that fix lots of security issues.Actually, it isn't, if you go wakenly against the explicit stated recommendation of the original package maintainer here.Perhaps Guisseppe can volunteer to mentor/watch my work.I would doubt that if you ignore his recommendation, and from that perspective I can only repeat what Alexander wrote: For a package like this the backporter should be someone that takes the concerns of the original package maintainer seriously and not addresses them with a "works for me" response. Thanks, Rhonda
Hi. I completely agree with Gerfried.The "works for me" is quite subversive, because except you, no one knows the tests you have done on chromium. Maybe you didn't test any website or content which actually needs the version 0.9.6 of libvpx0 (some webm elements might just need the 0.9.1 and other might need 0.9.6).
I'm not saying this with the goal of disrespecting you. But I've done packages for five years (less than the majority of this mailing list, I think), and in this short time, I experienced a lot of issues with the "works for me" method of testing packages (I also remember the time it took to do a clean test of the packages, because some users reported bugs I didn't have).
I don't remember having problems with the backport of the libvpx0. By the way, if you want to test, you can use the backport I've done (http://www.davromaniak.eu/vrac/chromium_backport/).
The only issue I can see, but I'm completely not sure about that. It's about the other packages which depends to libvpx 0.9.1 ("apt-rdepends -r libvpx0" is long), and the library was too much modified in it's last version as the packages became not functional with the version 0.9.6, but I don't think this case exists.
I completely agree with Giuseppe about choosing the backport maintainer, as he said, the chromium browser is a very big package, and he doesn't want to maintain two packages (the unstable one, and the backport) if the "backporter" is not able to follow the security issues, to backport the patches Giuseppe adds to the unstable packages, and he's not reactive, I can understand.
By the way, for clarification, I worked on a backport for the challenge and for fun. And as you saw, the backport is a long way from being clean. Due to this, I don't think I'm the right man for maintaining the backport, because of my lack of expertise is this domain. So like I said earlier to Michael, the source package is available, do what you want with it in the case you are able to perform the full backport, and maintaining it.
Thanks.