
Re: Use volatile?




> On Sun, Jul 31, 2005 at 11:10:04PM +0400, Nikita V. Youshchenko wrote:
>> As it is being currently discussed on debian-security [1], security
>> team has hard times supporting mozilla family of packages, because of
>> unfriendly upstream policy - they don't want to isolate security fixes
>> from the large changesets of new upstream releases. And given the huge
>> size of the package, isolating security patches at Debian level also
>> fails.
> [..]
>> Maybe in rare cases like this one, when there seems to be no other way
>> to keep important package set secure, we should allow new upstream
>> into Debian Stable?
> 
> What happens if they require new versions of libraries which already
> exist in stable?

It depends on the nature of the dependency.
If recompilation against the version in Debian stable is possible, no problem.
This will be the case in most situations I believe.

If some new library feature will be needed - it's more interesting.
Probably should be examined on case-by-case basis.

> I think you need a couple of ways out and to decide between them
> possibly just leaving well alone and making users aware of the issue
> (perhaps pointing them at volatile?) if library upgrades are needed as
> well as the case where new self-contained upstreams could be allowed in.
> 
> Is volatile not a better general place for such packages though really?
> Maybe we just need more emphasis on volatile to our users.  (i.e. get
> the installer to prompt about it etc).

I don't have anything against using volatile for this.

The only thing that is IMHO a must - it should still be possible to
install/upgrade/uninstall packages with normal debian package management
tools.


