Re: Backports policy for security updates (was: Re: python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED)
I routinely backport packages and deploy them locally. I frequently wonder
if I should upload them to make them more widely useful. And then...
Perhaps I'm snipping too much here, but is this what you're saying?
>> Now I'm confused. I thought as a backporter my responsibility for
>> oldstable was limited to the one year period after the new stable was
>> released? Are backporters responsible for LTS support too?
> Of course you are.
wait, because a few people started an unofficial project to extend support
of the stable release, everyone else is now responsible for supporting that
effort in all manner of other places? There wasn't even a mention of LTS
anywhere on the backports website until today. (That's not even touching
§2.1 of the constitution, that this is now requiring volunteers to support
the paid work of others, or that some of these uploads will have been
created before the LTS effort even existed.)
LTS support is a laudable goal. It's great that some really want it and have
found sponsorship to make it happen. However, this change has convinced me
to never upload backported packages. While I was once nervous about whether
I could reasonably support such packages for what I thought was a defined
lifetime that matched my own usage, I now know that it's even longer and I
know I cannot do so. I would have neither ability to test nor motivation to
maintain any backport for years beyond I would ever use it. Uploading a
backport has suddenly become a blank cheque for maintenance subject to
future prolongation. Sounds like a world of pain I should avoid. Sorry.
--
Stuart Prescott http://www.nanonanonano.net/ stuart@nanonanonano.net
Debian Developer http://www.debian.org/ stuart@debian.org
GPG fingerprint 90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7
Reply to: