[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Updating scanners and filters in Debian stable (3.1)

Jesus Climent <jesus.climent@hispalinux.es> writes:

> And no, is not impossible but IT WILL NEVER get to stable, since it
> is against the current stable policy.

> Do you want to change that policy? Start moving strings and contacting the
> involved parties to get such a change. Until the, no security backports will
> get into Debian Stable with the current policy.

I'm not out to change anything.  I'm saying what kinds of changes I
would support and which I would not.

And first, I want to know what the actual policy is that is being
proposed.  Not the names of sections, or blandishments about how
optional it will be or how necessary, but what restrictions exactly
will be made on changes.

If you want something which is simply unrestricted, you have that
now, no need for any changes to anything.

So the question is: what restrictions will there be?  And for me, the
primo first most important restriction is that if you say "we have to
be able to update this package for reasons X, Y, and Z", then you
promise that all the updates will ONLY relate to those reasons, and
not include unrelated changes in features A, B, and C.

So far, I have heard no actual restrictions on what kinds of changes
should be permitted in virus-scanning programs, and what kinds of
changes should not.  As long as you say "we reserve the right to
change even the command line arguments in arbitrary ways", you aren't
going to convince me.

> Debian provides a stable and obsolete package, which might not be that stable
> since nobody in its senses would use it. And the provide an updated package
> does not mean it is unstable. And with the current idea, it does not mean we
> are forcing users to use it. They decide.

Right, but why not just use unstable?

Actually, the updated package *is* unstable, because it is, in fact, a
change.  So I'm saying: limit the instability.

That is, a strategy of "we want to always put the latest upstream in"
is simply a failure from my standpoint.  If you are willing to do lots
of hard work, then that would be a wonderful thing.  Otherwise, we
lose nothing by telling people to use the existing non-Debian
repositories.

Thomas
Reply to: