Re: [Letsencrypt-devel] Certbot in Debian Stretch
On Thu, Nov 24, 2016 at 07:08:33PM +0100, Daniel Pocock wrote:
>
>
> On 24/11/16 17:39, Adrian Bunk wrote:
> > On Thu, Nov 24, 2016 at 05:22:29PM +0100, Daniel Pocock wrote:
> >> ...
> >> For networked services, it is different.
> >>
> >> Debian has already been carrying updated versions of Firefox and
> >> Chromium in stable including bundled dependencies too. Maybe we need to
> >> have an objective way of deciding which other projects genuinely deserve
> >> the same treatment.
> >> ...
> >
> > The problem with Firefox/Chromium is not "networked services".
> >
> > The problem is that it is not feasible to backport all security fixes
> > to a 3 year old version of such a browser.
> >
> > And the "objective way of deciding" is that not shipping any web browser
> > would not be a realistic option.
> >
> > For nearly any other package, not shipping it in a stable is the better
> > option for Debian.
>
> Why do you say it is the better option?
>
> If a package is very useful and has made certain efforts to be stable
> (e.g. not arbitrarily changing the command line syntax) and it is a leaf
> package, maybe it is time to consider it?
Every update you put into stable might get automatically deployed
to millions of computers running unattended-upgrades (or similar).
Only doing "certain efforts to be stable" could easily result in huge
outages somewhere.
> The alternative is that more and more frequently, the user is tempted to
> get things from upstream apt repositories. If many upstreams go down
> that path and more users accept it as normal, the net result may be even
> worse.
When upstream is very volatile, this is a decent option.
> Regards,
>
> Daniel
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
Reply to: