On Wed, 2020-05-27 at 02:58 +0200, Matthias Klumpp wrote: > Am Di., 26. Mai 2020 um 20:24 Uhr schrieb <Mario.Limonciello@dell.com>: > > > -----Original Message----- > > > From: Ansgar <ansgar@debian.org> > > > Sent: Tuesday, May 26, 2020 8:01 AM > > > To: Steffen Schreiber; 961490@bugs.debian.org > > > Subject: Bug#961490: fwupd: version in stable too old, no updates possible > > > > > > > > > [EXTERNAL EMAIL] > > > > > > Hi, > > > > > > On Tue, 2020-05-26 at 13:56 +0200, Steffen Schreiber wrote: > > > > So I see you marked this bug as fixed/resolved. > > > > > > Someone (not the maintainer) did so, but please note that the bug > > > remains open even when marked as fixed in a newer version. Debian's > > > stable release team prefers bugs to be fixed in unstable/testing before > > > they get fixed in (old)stable, so this is good. > > > > The particular circumstances of this issue are that the update in question requires > > a newer version of fwupd than is in stable. This is not a matter of just backporting > > a change or two and it works. There are daemon and plugin level changes that have to > > go together to guarantee a proper update. > > > > This seems incompatible with the documentation around uploading to stable. > > https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable > > > > What's the way going forward for users of stable? Installing packages > > > > from testing? Are you recommending to just forget about running Debian > > > > stable as is? > > > > > > The maintainer hasn't yet commented on how he wants to proceed. > > > Reasonable options seem to be to either update stable to the version > > > currently in testing (1.3.9) or to update to a later version of 1.2.X. > > > > > > Ansgar > > > > If a particular update requires a newer fwupd version I don't think it's reasonable > > to push that version to all Debian users who may not need the newer fwupd version > > and might not be willing to accept the risk of regressions in a newer version. > > > > "Fixes must be minimal and relevant" > > > > So in this circumstance if your device needs the newer version you should probably > > take the package from testing instead. > > Maybe talk to the release-team - they will probably not like adding a > change this big, but exceptions are always possible (e.g. firefox-esr > is exempt from this rule). > In any case though, you could provide a backport of the latest version > for easy installation by stable users as the next-best option :-) > > Cheers, > Matthias Hi, IMHO this qualifies for proposed-updates - not being able to update firmwares in this day and age exposes users to huge risks from the security point of view. Especially if, as it seems, upstream maintains stable branches. We already have a number of packages that get new LTS versions via proposed-updates - firefox being one, but not the only one. -- Kind regards, Luca Boccassi
Attachment:
signature.asc
Description: This is a digitally signed message part