[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Updating scanners and filters in Debian stable (3.1)

On Mon, 13 Sep 2004 22:00:40 +0200, martin f krafft wrote:

> also sprach Johannes Rohr <j.rohr@gmx.de> [2004.09.13.2128 +0200]:
>> f-prot-installer downloads both the scanner engine as well as
>> virus definitions from the vendor's FTP site. However, if they
>> decide to change FTP location, the layout of their tarballs or
>> their own update script, the installer will break. Would this
>> warrant an update to stable?
> No, but you could make it get the URL from a page under your
> control. That's what I do with my own f-prot package.

Somehow that doesn't seem like a good idea. (Maybe if you come up with a
way to parse the URL out of packages.debian.org's listing for f-prot in
unstable, but that's only a slightly better idea).

As one who doesn't use f-prot (so I don't know whether you've already
implemented these), a better idea is to make sure to let the user either
download the tarball himself and specify a local path, or let him specify
the URL manually. And try to make the package depend on the layout of the
tarball as little as possible.

If these all fail for some reason, then maybe it probably justifies an
addition to the next revision of Debian stable. In Martin Schulze's Sept 3
post to debian-devel-announce, he says:
> The requirements for packages to get updated in stable are:
>  1. The package fixes a security problem.  An advisory by our own
>     Security Team is required.  Updates need to be approved by the
>     Security Team.
>  2. The package fixes a critical bug which can lead into data loss,
>     data corruption, or an overly broken system, or the package is
>     broken or not usable (anymore).
>  3. The stable version of the package is not installable at all due to
>     broken or unmet dependencies or broken installation scripts.
>  4. All released architectures have to be in sync.
>  5. The package gets all released architectures back in sync.
> It is (or (and (or 1 2 3) 4) 5)

I assume these aren't going to change for sarge, so I don't think I'm 
going out on a limb here when I say a change in tarball layout would 
qualify under 2 and probably also 3.

--Ken Bloom
  Don't take my word for anything here. I'm not a DD.

I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.

Ketiva v'Chatima tova l'shana tova u'metuka.

Reply to: