Re: backports exception for virtualbox?

To: Gianfranco Costamagna <locutusofborg@debian.org>
Cc: Debian-backports <debian-backports@lists.debian.org>
Subject: Re: backports exception for virtualbox?
From: Rhonda D'Vine <rhonda@deb.at>
Date: Mon, 12 Dec 2016 15:37:59 +0100
Message-id: <[🔎] 20161212143759.GB13180@anguilla.debian.or.at>
In-reply-to: <[🔎] 1714102144.2049180.1481549263659@mail.yahoo.com>
References: <2136744349.1849477.1481541278273.ref@mail.yahoo.com> <[🔎] 2136744349.1849477.1481541278273@mail.yahoo.com> <[🔎] 20161212120642.GA29704@anguilla.debian.or.at> <[🔎] 1714102144.2049180.1481549263659@mail.yahoo.com>

* Gianfranco Costamagna <locutusofborg@debian.org> [2016-12-12 14:27:43 CET]:
> >I fear we can't do this exception.  And while I abssolutely understand
> >that there is actual need for that (we are using virtualbox at work too,
> >so I'm cutting myself here), I am sorry but backports is not the place
> >for that.
> 
> ough, I was mostly sure there were already some packages under special
> exceptions (I think security/release team(s) told me their names but I don't remember
> right now)

 I'm not really aware of any such.

> >If you are self-hosting the packages, maybe the upcoming Debian
> >specific PPAs will be the place, but if you are going to self-host the
> >packages in the mean time pretty please let me/us (this mailinglist)
> >know where you do so.
> 
> 
> I don't have any hosting right now, and honestly I would prefer to avoid them,
> but I'm maintaining a ppa in Ubuntu that is already widely used
> 
> https://launchpad.net/~costamagnagianfranco/+archive/ubuntu/virtualbox-ppa
> 
> I would like to see ppa as last resource, because it might cut many people
> from "official" builds...

 Yep; unfortunately I think we really should have the same approach to
packages in backports like we have for packages in stable/testing so to
say.  If we consider a package not maintainable throught a release I am
not too comfortable with having it in backports neither.

> (and it won't fix the current outdated jessie-bpo, can you do something
> here?)

 Given the outstanding CVEs this means we're going to remove it indeed.
:/

> I'm only trying to make things for end users less painful as possible,
> virtualbox is not even part of Debian, but popcon reports a large installation
> number, even DSA for oldstable have been issued because of its popcon and importance,
> so at the end, I wrote this email not for a personal reason (I won't use jessie-backports,
> neither stretch-backports), but just to avoid the high complain number I'll probably
> receive soon by mail/BTS.

 Sure, and my hope is low that this will help Oracle to rethink their
positioning on how to work with the FLOSS community, but we shouldn't go
to compromises on that grounds.  Eventually something like what changed
for QT and KDE in the long run might come around.

> a ppa might solve the issue, as it does in Ubuntu, and also removing it from unstable can fix
> it :)

 There will be infrastructure.  Good things come to those who wait. ;)

> (I admit, maintaining virtualbox can be a daily challenge :p )

 I don't envy you on that part at all.
Rhonda
-- 
Fühlst du dich mutlos, fass endlich Mut, los      |
Fühlst du dich hilflos, geh raus und hilf, los    | Wir sind Helden
Fühlst du dich machtlos, geh raus und mach, los   | 23.55: Alles auf Anfang
Fühlst du dich haltlos, such Halt und lass los    |

Reply to:

Follow-Ups:
- Re: backports exception for virtualbox?
  - From: Christian Seiler <christian@iwakd.de>

References:
- backports exception for virtualbox?
  - From: Gianfranco Costamagna <locutusofborg@debian.org>
- Re: backports exception for virtualbox?
  - From: Rhonda D'Vine <rhonda@deb.at>
- Re: backports exception for virtualbox?
  - From: Gianfranco Costamagna <locutusofborg@debian.org>

Prev by Date: Re: security backports for removed packages
Next by Date: Re: backports exception for virtualbox?
Previous by thread: Re: backports exception for virtualbox?
Next by thread: Re: backports exception for virtualbox?
Index(es):
- Date
- Thread