On Tue, 2020-04-14 at 13:12 +0200, Wouter Verhelst wrote:
> On Sun, Apr 12, 2020 at 09:11:57PM +0200, Ole Streicher wrote:
[...]
> > One could expect from maintainers that they check their packages for
> > compliance regularly and that they document that.
>
> Perhaps, but it is *also* documented that an upload just to bump the
> Standards-Version is severely frowned upon. If there is no other reason
> to upload in 7 years, then the Standards-Version will not be updated,
> and that is perfectly fine.
[...]

If a package hasn't been uploaded for 7 years, then:

* At least some of its binary packages were probably built by the
  uploader, not on a buildd
* If it's written in C or C++, it hasn't been built with all the
  current hardening options that should be used
* Its binary packages probably aren't reproducible
* It may not build correctly with the current build tools (failure to
  build at all would usually be caught and reported, though)

I think we should be rebuilding everything at least once per release
cycle, so we don't have a nasty surprise when these "mature" packages
need bug fixes.

Ben.

-- 
Ben Hutchings
Everything should be made as simple as possible, but not simpler.
                                                      - Albert Einstein