Re: Why back-porting patches to stable instead of releasing a new package.

To: Debian Developers <debian-devel@lists.debian.org>
Subject: Re: Why back-porting patches to stable instead of releasing a new package.
From: Luca - De Whiskey's - De Vitis <luca@debian.org>
Date: Wed, 23 Jul 2003 06:04:49 -0500
Message-id: <[🔎] 20030723110449.GB32048@debian.org>
Mail-followup-to: Debian Developers <debian-devel@lists.debian.org>
In-reply-to: <[🔎] Pine.LNX.4.56.0307231155180.21507@trider-g7.ext.fabbione.net>
References: <20030715092532.GA8393@achos.com> <20030715125624.GL11400@alcor.net> <20030717151620.GA23268@debian.org> <20030721174232.GL13924@alcor.net> <20030722122252.GC24699@debian.org> <20030722223606.GB15133@alcor.net> <[🔎] 20030723081555.GA32048@debian.org> <[🔎] Pine.LNX.4.56.0307231155180.21507@trider-g7.ext.fabbione.net>

On Wed, Jul 23, 2003 at 11:57:54AM +0200, Fabio Massimo Di Nitto wrote:
> 
> http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-bug-security
> 
> in particular "5.8.5.3 Preparing packages to address security issues"

It doesn't answare my question. I should explain my self in a different way.

My point is: i understand what said in that paragraph, but what if new version
is a bugfix release that does not address only a secutiry issue? I'm not sure
that system administrators would like to have a buggy package on their hosts
with a security bug fixed, but with many other open nasty bugs.

Why that package has nusty bugs? Of course because they where reported after woody
release.

Let me bring the specific case into the discussion. phpgroupware in woody is a 0.9.14
Release Candidate 3 (which was a feature-freeze release for testing): that
package got really a lot of bug fixed and there is now a 0.9.14.006 which is a
0.9.14 in all aspects. 0.9.14.006 neither have new features nor different
behaviour: only bugs fixed.

"5.5.1 Special case: uploads to the stable distribution" says:

------------------------------------------------------------------------------
Basically, a package should only be uploaded to stable if one of the following
happens:

    * a truly critical functionality problem

    * the package becomes uninstallable

    * a released architecture lacks the package
------------------------------------------------------------------------------

and

------------------------------------------------------------------------------
It is discouraged to change anything else in the package that isn't important,
because even trivial fixes can cause bugs later on.
------------------------------------------------------------------------------

IMHO, these points should be relaxed while speaking about bugfix package
release.

ciao,
-- 
Luca - De Whiskey's - De Vitis              | Elegant or ugly code as well
aliases: Luca ^De [A-Z][A-Za-z\-]*[iy]'\?s$ | as fine or rude sentences have
Luca, a wannabe ``Good guy''.               | something in common: they
local LANG="it_IT@euro"                     | don't depend on the language.

Reply to:

Follow-Ups:
- Re: Why back-porting patches to stable instead of releasing a new package.
  - From: Sander Smeenk <ssmeenk@debian.org>
- Re: Why back-porting patches to stable instead of releasing a new package.
  - From: Fabio Massimo Di Nitto <fabbione@fabbione.net>

References:
- Why back-porting patches to stable instead of releasing a new package.
  - From: Luca - De Whiskey's - De Vitis <luca@debian.org>
- Re: Why back-porting patches to stable instead of releasing a new package.
  - From: Fabio Massimo Di Nitto <fabbione@fabbione.net>

Prev by Date: Re: Why back-porting patches to stable instead of releasing a new package.
Next by Date: Re: Welcome to the "Cc" mailing list
Previous by thread: Re: Why back-porting patches to stable instead of releasing a new package.
Next by thread: Re: Why back-porting patches to stable instead of releasing a new package.
Index(es):
- Date
- Thread