Re: about volatile.d.o/n

[Florian Weimer <fw@deneb.enyo.de>]

* Andreas Barth:

>> Can volatile receive critical updates which are usually not applied to
>> stable because backports are not available for some reason?
>
> Are you speaking about mozilla? ;)

Mozilla, GnuPG, and maybe even PHP 4, depending on sarge's lifetime.
Other complex packages can easily enter this state, too, especially
when sarge has been around for a year or two.

Actually, Mozilla's situation is beginning to look rather promising.
The distributor community seems to pick up the challenge and issue
patches.  Of course, if we release 1.6 with sarge (a version that is
officially unsupported by upstream), we might not be able to profit
from this development.

> However, in the long run, I think you're right about adding newer
> packages if they fix security issues, and we can't fix them otherwise.
> But I think it needs more than just some consideration how to do this in
> a non-breaking way.

I agree that this has to be decided on a case-by-case basis.