
Re: Finding rough consensus on level of vendoring for large upstreams



On Thu, Sep 02, 2021 at 11:38:35PM +0100, Phil Morrell wrote:
>...
> 4. When 2 or 3 are too onerous to maintain, the package MAY use the
>    convenience copy but MUST document why in README.source and SHOULD be
>    included in the [security-tracker].
>...

  The package MUST be listed as being without security support in
  the debian-security-support package and the Release Notes,
  and it MUST NOT be installed as part of a default installation,
  unless the security team has explicitly agreed to support it.

If we are shipping software where Debian cannot provide security support,
then we shouldn't hide the problem from our users.

cu
Adrian

