Re: Debian 2.2 Release.
Tomasz Wegrzanowski <firstname.lastname@example.org> wrote:
>On Wed, Jun 28, 2000 at 05:59:41AM +0200, Nils Lohner wrote:
>> Sounds like what you're saying is that any package that no other package
>> depends on should be allowed in whenever, since the only risk is breaking
>> the package itself. Makes sense, but is it risk-free in terms of security,
>> and what degree of testing needs to be done on it to ensure the package
>> itself is stable in our current environment (see Joey's concern)?
>If upstream truthfully says that the app is stable, 99% of bugs can be detected
>by lintian, apt-get install newapp, try it once, apt-get remove newapp.
>It would be really strange if a new version introduced a command whose name
>conflicts with another package's, or broke the menu system, or couldn't work
>with Debian infrastructure if the old one could.

Erm. Many packages need special patching for Debian; filesystem
rearrangements, setuid/setgidness, configuration of helper applications
(mozilla is a case in point here), and all sorts of other stuff that is
about building and maintaining a consistent distribution. I think it's
extremely naive to assume that new versions of a package won't change
any of these, because, empirically, new versions of a package often do.
They also, with monotonous regularity, depend on newer versions of
libraries, which also have to be supported.

I don't care if upstream declares it stable; I've seen that not in fact
be true often enough.

>If there is any doubt, we can delay it a week or two, without denying
>it from frozen.

We'd better rename it, then! frozen means frozen, a feature freeze.

Colin Watson [email@example.com]