Re: [DebianGIS] [Fwd: [Gfoss] ka-map 1.0]
Francesco P. Lovergine wrote:
>
> I'm personally not too inclined to webapps packaging (and those
> currently present in the main archive enforces generally my opinion).
> The reason is that managing their security updates and doing proper
> updates to new upstream versions are generally both nightmares for
> packagers. We lack a framework and tools to help those managements,
> simply and clean. In many cases one should also ensure multi-site
> installation which could be also quite difficult... I don't think
> ka-map would be an exception on those regards.
Does creating packages for the DebianGIS repository (with no intention
of ever uploading to the main archive), or hosting .deb control files in
DebianGIS SVN mean we are obligated to worry about security patches for
those packages? What if we include a big **** OWN RISK **** message in
the installer?
My thinking is that this family of packages may be inherently insecure,
but a community developed package would be more secure than 300 user
did-it-myself installs. And since there is demand, they will get
packaged one way or another.
I don't mean to remove limited resources from our main packages, just if
someone comes along who would like to host them on Alioth, should it be
allowed?
Hamish
Reply to: