Re: How should we handle greenbone-security-assistant?

To: debian-devel@lists.debian.org
Subject: Re: How should we handle greenbone-security-assistant?
From: Adrian Bunk <bunk@debian.org>
Date: Fri, 18 Dec 2020 16:36:23 +0200
Message-id: <[🔎] 20201218143623.GB15569@localhost>
In-reply-to: <[🔎] 160829481364.3822905.9625324563442781033@auryn.jones.dk>
References: <[🔎] X9pReHUtn9LWBu+B@home.ouaza.com> <[🔎] 160814520549.3822905.17688764528316962056@auryn.jones.dk> <X9tMDrI7ybtA/8md@home.ouaza.com> <[🔎] 160820908322.3822905.3803292725902751282@auryn.jones.dk> <[🔎] X9tjP0LAE31Errik@home.ouaza.com> <[🔎] 160821762690.3822905.5115071813295402750@auryn.jones.dk> <[🔎] X9xivWpXuBeLqtNh@home.ouaza.com> <[🔎] 160828336309.3822905.6407453607100318475@auryn.jones.dk> <[🔎] X9x56sSwIE7L1TDp@home.ouaza.com> <[🔎] 160829481364.3822905.9625324563442781033@auryn.jones.dk>

On Fri, Dec 18, 2020 at 01:33:33PM +0100, Jonas Smedegaard wrote:
>...
> It is indeed not realistic to fit all fast-changing code projects into 
> Debian.  We have made a few fast-paced projects like Firefox fit, but in 
> my opinion we did that in a problematic way: By endorsing embedded code 
> copies, which is painful to maintain.
> 
> I think we should not relax our rules, but (improve our packages so that 
> we can) tighten our rules to apply more consistently - e.g. avoid 
> embedded code copies also in Firefox.
>...

Embedded code copies are the smallest problem with Firefox,
and on that I would actually trust Mozilla to release fixes quickly.

The huge pain with Firefox is that it has a history of needing updated 
versions of at least 5 different compilers in Debian stable series:
https://tracker.debian.org/pkg/gcc-mozilla
https://tracker.debian.org/pkg/llvm-toolchain-7
https://tracker.debian.org/pkg/rustc
https://tracker.debian.org/pkg/nasm-mozilla
https://tracker.debian.org/pkg/nodejs-mozilla

IMHO the best option for Firefox would be to stop shipping it in stable,
and offer a Flatpak instead.

>  - Jonas

cu
Adrian

Reply to:

Follow-Ups:
- Re: How should we handle greenbone-security-assistant?
  - From: Jonas Smedegaard <jonas@jones.dk>

References:
- How should we handle greenbone-security-assistant?
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: How should we handle greenbone-security-assistant?
  - From: Jonas Smedegaard <jonas@jones.dk>
- Re: How should we handle greenbone-security-assistant?
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: How should we handle greenbone-security-assistant?
  - From: Jonas Smedegaard <jonas@jones.dk>
- Re: How should we handle greenbone-security-assistant?
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: How should we handle greenbone-security-assistant?
  - From: Jonas Smedegaard <jonas@jones.dk>
- Re: How should we handle greenbone-security-assistant?
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: How should we handle greenbone-security-assistant?
  - From: Jonas Smedegaard <jonas@jones.dk>
- Re: How should we handle greenbone-security-assistant?
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: How should we handle greenbone-security-assistant?
  - From: Jonas Smedegaard <jonas@jones.dk>

Prev by Date: Re: How should we handle greenbone-security-assistant?
Next by Date: Re: How should we handle greenbone-security-assistant?
Previous by thread: Re: How should we handle greenbone-security-assistant?
Next by thread: Re: How should we handle greenbone-security-assistant?
Index(es):
- Date
- Thread