[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian 2.2 Release.

Tomasz Wegrzanowski <maniek@beer.com> wrote:
>On Wed, Jun 28, 2000 at 05:59:41AM +0200, Nils Lohner wrote:
>>   Sounds like what you're saying is that any package that no other package 
>> depends on should be allowed in whenever, since the only risk is breaking 
>> the package itself.  Makes sense, but is it risk-free in terms of security, 
>> and what degree of testing needs to be done on it to ensure the package 
>> itself is stable in our current environment (see Joey's concern)?
>If upstream says true that app is stable, 99% bugs can be detected
>by lintian, apt-get install newapp, try it once, apt-get remove newapp.
>It would be really strange if new version introduced command which name
>conflicts with other package's or breaked menu-system or couldn't work
>with Debian infrastructure if old one could.

Erm. Many packages need special patching for Debian; filesystem
rearrangements, setuid/setgidness, configuration of helper applications
(mozilla is a case in point here), and all sorts of other stuff that is
about building and maintaining a consistent distribution. I think it's
extremely naive to assume that new versions of a package won't change
any of these, because, empirically, new versions of a package often do.
They also, with monotonous regularity, depend on newer versions of
libraries, which also have to be supported.

I don't care if upstream declares it stable; I've seen that not in fact
be true often enough.

>If there is any doubt, we can delay it a week or two, without denying
>it from frozen.

We'd better rename it, then! frozen means frozen, a feature freeze.

Colin Watson                                     [cjw44@flatline.org.uk]

Reply to: