[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Use volatile?

On Sun, Jul 31, 2005 at 11:10:04PM +0400, Nikita V. Youshchenko wrote:
> As it is being currently discussed on debian-security [1], security
> team has hard times supporting mozilla family of packages, because of
> unfriendly upstream policy - they don't want to isolate security fixes
> from a large changesets of new upstream releases. And given the huge
> size of the package, isolating security patches at Debian level also
> fails.
> Maybe in rare cases like this one, when these seems to be no other way
> to keep important package set secure, we should allow new upstream
> into Debain Stable?

What happens if they require new versions of libraries which already
exist in stable?

I think you need a couple of ways out and to decide between them
possibly just leaving well alone and making users aware of the issue
(perhaps pointing them at volatile?) if library upgrades are needed as
well as the case where new self-contained upstreams could be allowed in.

Is volatile not a better general place for such packages though really?
Maybe we just need more emphasis on volatile to our users.  (i.e. get
the installer to prompt about it etc).


Granny grasped her broomstick purposefully.  "Million-to-one chances," she
said, "crop up nine times out of ten."

Attachment: signature.asc
Description: Digital signature

Reply to: