
Re: Packages without long term stable releases



Hello,

I think the success of our stable releases depends on the continued
assessments of each and every maintainer. I don't believe you will find
enough developers and maintainers who are willing to evaluate all
packages in the archive. Who will make the decision if a package is ok
for stable or not? In my opinion the current mechanisms already work
pretty well and the users are the best indicators if a package is suited
for stable or not. If a package cannot be supported in stable, I
wouldn't want it in testing either which I use for the same reasons as
you do.

Two examples:

The Java Team used to package Jenkins and some of its plugins but it
quickly became apparent after the main maintainer stepped down, that we
couldn't support it in stable because it was frequently affected by
security issues and upstream only supported his stable releases for
three months. The only reasonable thing we could do was to ask to remove
it from Debian. Nobody really liked this decision but supporting such a
rapid upstream release cycle was unsustainable and then I think it is
better to recommend to potential Jenkins users to use the upstream
Debian packages instead and to refrain from packaging it at all.

A few months ago I packaged Syncany, a Dropbox-like Java application.
Upstream was happy about it but he asked me to wait with an upload to
unstable because he didn't want to support the current version in
Ubuntu 16.04. This was quite similar to your vdirsyncer example. The
package is thus still in experimental.

So my thoughts in a nutshell. Always talk to upstream before you package
the software, if you are unsure about the suitability for stable. Don't
upload the software if it can't be maintained in stable. Respect the
wishes of upstreams and remove the package (the xscreensaver case), if
they don't understand that there is no technical reason for warning
users about "old software", if it is not broken.

I think such packages would be better suited for PPAs or bikesheds.

Regards,

Markus



