On Fri, 17 Oct 2025 23:27:09 +0100 Simon McVittie <smcv@debian.org> wrote: > On Fri, 17 Oct 2025 at 14:27:32 -0500, Aaron Rainbolt wrote: > >The Debian Policy manual states in section 2.2.1: > > > >> In addition, the packages in main > >> ... > >> * must not be so buggy that we refuse to support them... > > > >I would argue Stardict is this buggy. > > If that's the case, the first place to report it would be a RC bug > against the stardict package (and if the stardict maintainer > downgrades the severity of RC bugs in a way that is contrary to > project consensus, the group that can overrule them is the release > team or the technical committee). This has already happened. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110370, which was filed with severity "critical" and tag "security", and which the maintainer changed to severity "wishlist" and removed the "security" tag from. The maintainer later upgraded the severity to "Important", but still did not leave it release-critical, thus why the vulnerability still exists in Trixie. > >IMO, Stardict could reasonably live on in contrib > > contrib is held to the same quality standards as main (and non-free): > the only difference is that contrib packages may have non-free > dependencies. The two possibilities are that stardict is sufficiently > high-quality to be in main, or not sufficiently high-quality to be in > contrib either. Makes sense. I was trying to propose a non-nuclear solution since I'm sure Stardict has users who appreciate its features and are willing to be mindful of its behavior, but if that's a misunderstanding of how contrib works, that's fine with me. -- Aaron > smcv >
Attachment:
pgpAQuf_MqgPw.pgp
Description: OpenPGP digital signature