Re: ssl security desaster

Martin Uecker <muecker@gmx.de> writes:

> I don't know. I see no reason why all this good work which now ends up in
> Debian patches can't be separated from the actual packaging work.

It's probably worth mentioning somewhere in this discussion that one of
the most common reasons, perhaps the most common apart from FHS tweaks and
other Debian-specific modifications that upstream does not want, to patch
upstream source is to cherry-pick fixes from upstream before upstream has
done a new release.  That's most of the upstream patches to my packages,
for example.  A lot of those frequently indicate a close and very
fruitful interaction with upstream.  Waiting for upstream releases to fix
problems when the fix is known is not a great idea, IMO, particularly when
the problems are serious, and pulling an untested upstream VCS snapshot
with lots of other changes isn't a good idea.

I know that isn't the patch case that you were getting at, but it's
important, when discussing scenarios around patches, to allow for that one
as well.

Russ Allbery (rra@debian.org)

