Re: RFC: allow new upstream into stable when it's the only way to fix security issues.
Nikita V. Youshchenko [2005-08-01 10:34 +0400]:
> Since such cases should be very rare, they may be handled manually (so
> infrastructure changes are not needed). For the same reason, I don't think
> that stability risks are high.
Agreed. The whole point of backporting patches is to minimize
introduction of instability and regressions from new versions. But if
backporting produces so many regressions that the package becomes
unusable, then that stability argument isn't valid any more, and it
should rather be attempted to create good packages with new upstream
versions. We did that for the Mozilla products in Ubuntu (in fact we
seem to be the only ones who actually tried to backport the 1.0.5
changes, all other distros just upgraded to 1.0.5 proper), and apart
from some minor things (upgrade of the locale packages in our "Warty"
release which shipped Firefox 0.9.3, and enigmail upgrade), the
upgrade was pretty smooth and the users are happy again.
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org