
Re: Why back-porting patches to stable instead of releasing a new package.

On Wed, Jul 23, 2003 at 11:57:54AM +0200, Fabio Massimo Di Nitto wrote:
> http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-bug-security
> in particular " Preparing packages to address security issues"

It doesn't answer my question. I should explain myself in a different way.

My point is: I understand what is said in that paragraph, but what if the new version
is a bugfix release that does not address only a security issue? I'm not sure
that system administrators would like to have a buggy package on their hosts
with a security bug fixed, but with many other open nasty bugs.

Why does that package have nasty bugs? Of course because they were reported after woody

Let me bring the specific case into the discussion. phpgroupware in woody is a 0.9.14
Release Candidate 3 (which was a feature-freeze release for testing): that
package got really a lot of bugs fixed and there is now a which is a
0.9.14 in all aspects. neither have new features nor different
behaviour: only bugs fixed.

"5.5.1 Special case: uploads to the stable distribution" says:

Basically, a package should only be uploaded to stable if one of the following

    * a truly critical functionality problem

    * the package becomes uninstallable

    * a released architecture lacks the package


It is discouraged to change anything else in the package that isn't important,
because even trivial fixes can cause bugs later on.

IMHO, these points should be relaxed while speaking about bugfix package

Luca - De Whiskey's - De Vitis              | Elegant or ugly code as well
aliases: Luca ^De [A-Z][A-Za-z\-]*[iy]'\?s$ | as fine or rude sentences have
Luca, a wannabe ``Good guy''.               | something in common: they
local LANG="it_IT@euro"                     | don't depend on the language.
