Re: Upstream "stable" branches and Debian freeze

To: debian-devel@lists.debian.org
Subject: Re: Upstream "stable" branches and Debian freeze
From: "Jesús M. Navarro" <jesus.navarro@undominio.net>
Date: Tue, 1 Feb 2011 17:09:40 +0100
Message-id: <[🔎] 201102011709.40161.jesus.navarro@undominio.net>
In-reply-to: <[🔎] 19784.1680.379747.405980@chiark.greenend.org.uk>
References: <20110131142511.GA18405@squirrel.blarg.de> <[🔎] 4edb1dc090de6330490ab7f897785b9f.squirrel@wm.kinkhorst.nl> <[🔎] 19784.1680.379747.405980@chiark.greenend.org.uk>

Hi, Ian:

On Tuesday 01 February 2011 14:11:44 Ian Jackson wrote:
> Thijs Kinkhorst writes ("Re: Upstream "stable" branches and Debian freeze"):
> > In the past such things have not been allowed with the argumentation that
> > even though stable may contain bugs, users rely on the behaviour that
> > stable has. They may know about a bug but may have worked around it (and
> > the update may break the workaround) or they do not know about a bug but
> > a fix for it may break a previously functional system. And of course as
> > we all know: bugfixes are not zero-risk and do have chances on new bugs
> > being introduced.
>
> Basically this argument is "the update may break things".

[...]

> I think there is room for us relaxing our policy for stable updates.
> Where upstream have a good track record of not breaking their own
> stable branch, I think providing those updates to our users is
> probably sensible.

I don't think "relax" is the word but "reinterpret".

Why is the policy exactly the way it is?  It's obvious that changes are 
allowed as security and point releases show.  The "why" is obvious too: 
because security and/or severe malfunctions overweight the risk of breaking 
things *and* Debian release/security team try to minimize that risk by 
patching the bare minimum to achieve the intended result.

That said, I find that to be the proper way for a maintenance policy and an 
interesting one to push forward to upstream maintainers: it's not Debian, 
it's proper engineering to strictly segregate bug fixing from new 
functionality; it's proper engineering comitting for long term maintenance 
for selected versions of your software and it's proper engineering taking 
responsibility for the software one publishes and the bugs that come along 
with it.

So, may I propose (if not already done) a document that outlines with enough 
detail what Debian maintenance policy is and why from an upstream point of 
view, and then allow for within Stable upgrades for software that has 
demonstrated to pursue the same standards as Debian?  Kindof a "quality seal" 
that will allow to push minor versions: it would mean "more with less" since 
Debian maintainers wouldn't need to maintain their own patch sets and they 
would know in advance what the "proper" version to pack for Stable is (the 
one that upstream publishes for long term maintenance within the time-frame 
for the new Stable version).  For those upstreamers interested in doing the 
things the proper way, they could find Debian people to be knowledgeable and 
helpful about it (since they've been doing it for years and it's in their own 
interest).

Cheers.

Reply to:

Follow-Ups:
- Re: Upstream "stable" branches and Debian freeze
  - From: Olaf van der Spek <olafvdspek@gmail.com>

References:
- Re: Upstream "stable" branches and Debian freeze
  - From: "Thijs Kinkhorst" <thijs@debian.org>
- Re: Upstream "stable" branches and Debian freeze
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>

Prev by Date: Re: tcl8.5 breaks dpkg-cross assumptions and multiarch
Next by Date: Bug#611738: ITP: pascal-synapse -- syncronous TCP/IP library in Pascal
Previous by thread: Re: Upstream "stable" branches and Debian freeze
Next by thread: Re: Upstream "stable" branches and Debian freeze
Index(es):
- Date
- Thread