[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why back-porting patches to stable instead of releasing a new package.

On Wed, 23 Jul 2003, Luca - De Whiskey's - De Vitis wrote:

> On Wed, Jul 23, 2003 at 11:57:54AM +0200, Fabio Massimo Di Nitto wrote:
> >
> > http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-bug-security
> >
> > in particular "5.8.5.3 Preparing packages to address security issues"
>
> It doesn't answare my question. I should explain my self in a different way.
>
> My point is: i understand what said in that paragraph, but what if new version
> is a bugfix release that does not address only a secutiry issue? I'm not sure
> that system administrators would like to have a buggy package on their hosts
> with a security bug fixed, but with many other open nasty bugs.
>
> Why that package has nusty bugs? Of course because they where reported after woody
> release.

Because you can never be sure that it will not change the package
behaviour in all its small details and that will not introduce new bugs.

(note that i kept the list short for the simple reason that there several
different examples that can be done according to which package you are
talking about)

> Let me bring the specific case into the discussion. phpgroupware in woody is a 0.9.14
> Release Candidate 3 (which was a feature-freeze release for testing): that
> package got really a lot of bug fixed and there is now a 0.9.14.006 which is a
> 0.9.14 in all aspects. 0.9.14.006 neither have new features nor different
> behaviour: only bugs fixed.

Probably in the specific case it can apply but this is not true for all
packages. Policy/developer-references have to carry the most generic case
as possible, as a best/current practise.

> "5.5.1 Special case: uploads to the stable distribution" says:
>
> ------------------------------------------------------------------------------
> Basically, a package should only be uploaded to stable if one of the following
> happens:
>
>     * a truly critical functionality problem
>
>     * the package becomes uninstallable
>
>     * a released architecture lacks the package
> ------------------------------------------------------------------------------
>
> and
>
> ------------------------------------------------------------------------------
> It is discouraged to change anything else in the package that isn't important,
> because even trivial fixes can cause bugs later on.
> ------------------------------------------------------------------------------
>
> IMHO, these points should be relaxed while speaking about bugfix package
> release.

If you will relax these points you will loose the meaning of having
stable/testing/unstable. Everyone will be encourged to upload to stable to
fix even the most insignificant whishlist bug.

Fabio

-- 
Our mission: make IPv6 the default IP protocol
"We are on a mission from God" - Elwood Blues

http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp00004.html
Reply to: