Re: [Letsencrypt-devel] Certbot in Debian Stretch

To: debian-devel@lists.debian.org
Subject: Re: [Letsencrypt-devel] Certbot in Debian Stretch
From: Daniel Pocock <daniel@pocock.pro>
Date: Thu, 24 Nov 2016 19:08:33 +0100
Message-id: <[🔎] 776a4ee9-e881-c883-fe72-66d7544e529b@pocock.pro>
In-reply-to: <[🔎] 20161124163917.qo3zgful2qql47qk@bunk.spdns.de>
References: <[🔎] 20161122014022.GB6935@eff.org> <[🔎] 332bb737ec9652c6ffcead8a7e42d1bf.squirrel@aphrodite.kinkhorst.nl> <[🔎] 20161123230602.GC16140@eff.org> <[🔎] ff9cb324-d51c-a585-9152-957816c5701b@pocock.pro> <[🔎] e4562f3e-e4e3-2d89-f3e9-a9c237ed3df9@philkern.de> <[🔎] 1479995126.890215.798069537.3142A5E2@webmail.messagingengine.com> <[🔎] 20161124153705.i5g2yod5wj2ftwsu@bunk.spdns.de> <[🔎] d2acf4b0-c482-20bf-1679-c921691b9021@pocock.pro> <[🔎] 20161124163917.qo3zgful2qql47qk@bunk.spdns.de>

On 24/11/16 17:39, Adrian Bunk wrote:
> On Thu, Nov 24, 2016 at 05:22:29PM +0100, Daniel Pocock wrote:
>> ...
>> For networked services, it is different.
>>
>> Debian has already been carrying updated versions of Firefox and
>> Chromium in stable including bundled dependencies too.  Maybe we need to
>> have an objective way of deciding which other projects genuinely deserve
>> the same treatment.
>> ...
> 
> The problem with Firefox/Chromium is not "networked services".
> 
> The problem is that it is not feasible to backport all security fixes
> to a 3 year old version of such a browser.
> 
> And the "objective way of deciding" is that not shipping any web browser 
> would not be a realistic option.
> 
> For nearly any other package, not shipping it in a stable is the better 
> option for Debian.
> 

Why do you say it is the better option?

If a package is very useful and has made certain efforts to be stable
(e.g. not arbitrarily changing the command line syntax) and it is a leaf
package, maybe it is time to consider it?

The alternative is that more and more frequently, the user is tempted to
get things from upstream apt repositories.  If many upstreams go down
that path and more users accept it as normal, the net result may be even
worse.

Regards,

Daniel

Reply to:

Follow-Ups:
- Re: [Letsencrypt-devel] Certbot in Debian Stretch
  - From: Adrian Bunk <bunk@stusta.de>

References:
- Certbot in Debian Stretch
  - From: Peter Eckersley <pde@eff.org>
- Re: Certbot in Debian Stretch
  - From: "Thijs Kinkhorst" <thijs@debian.org>
- Re: [Letsencrypt-devel] Certbot in Debian Stretch
  - From: Peter Eckersley <pde@eff.org>
- Re: [Letsencrypt-devel] Certbot in Debian Stretch
  - From: Daniel Pocock <daniel@pocock.pro>
- Re: [Letsencrypt-devel] Certbot in Debian Stretch
  - From: Philipp Kern <pkern@debian.org>
- Re: [Letsencrypt-devel] Certbot in Debian Stretch
  - From: Ondřej Surý <ondrej@sury.org>
- Re: [Letsencrypt-devel] Certbot in Debian Stretch
  - From: Adrian Bunk <bunk@stusta.de>
- Re: [Letsencrypt-devel] Certbot in Debian Stretch
  - From: Daniel Pocock <daniel@pocock.pro>
- Re: [Letsencrypt-devel] Certbot in Debian Stretch
  - From: Adrian Bunk <bunk@stusta.de>

Prev by Date: Re: OpenSSL 1.1.0
Next by Date: Re: [RFC] Enabling bindnow by default in dpkg-buildflags?
Previous by thread: Re: [Letsencrypt-devel] Certbot in Debian Stretch
Next by thread: Re: [Letsencrypt-devel] Certbot in Debian Stretch
Index(es):
- Date
- Thread