Hi -devel! Many of Debian packages have a patches that fixes some important bugs which have not accepted by upstream for some reasons, some of them also contains improvements, Debian-specific or not. Many maintainers in process of preparing Lenny release cherry-picked important fixes and backported it to previous versions of package. Example: package 'psi' (Jabber client written in Qt) has a known bug in version 0.11: it crashes with Qt 4.4 when user closed all chat tabs. This bug was closed in 0.12. Though Debian will release 0.11, the package in Lenny hasn't this bug - psi's maintainer kindly backported this fix. But how can users know about this changes in Debian packages? Users can only thoroughly read the changelog from 0.11-1 to 0.11-8 and try to find the changelog entry about fix. In worst cases, even detailed changelog may not contain relevant entry in the case when maintainer backported sequence of upstream patches from upstream's VCS. My proposal is make the new file named, for example, debian/divergences, containing important for end users changes made in Debian package. Suggested format may be the same we are using now to display lists in packages' long descriptions. Then content of it may be displayed under package's page on packages.debian.org. File may also installed to /usr/share/doc/<package>/divergences. Such list, then, would be visible to both Debian users, developers and for site visitors who firstly came to Debian. It can also to grow respect to Debian in users' mind - many times users cannot imagine the amount of maintainers' work without explanation. Such list also may be especially useful for (future) Debian stable users, for example, administrators - it's great to know easily what security bugs have Debian fixed for users. Implementing, as I think, will lead to changes in lintian (check for file), debhelper (automatically installing file as part of docs), policy (introduce file), packages.debian.org (display file content on package's page). Late for Lenny, but can be done for squeeze (may be, as squeeze release goals?..). It's my humble view. Does it sound reasonably? -- Eugene V. Lyubimkin aka JackYF, Ukrainian C++ developer.
Attachment:
signature.asc
Description: OpenPGP digital signature