[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fw: Accepted haskell-network 2.2.1.3-1 (source all i386)

Trent W. Buck wrote:
> Don Stewart <dons@galois.com> writes:
> 
>>> I'm not sure how haskell-platforms strict version dependancies will
>>> fit in with the way things are packaged on Debian. The cabal file
>>> does not leave much latitude:
>>>
>>> http://hackage.haskell.org/platform/2009.2.0.1/haskell-platform.cabal
>>>
>> Ideally though, Debian will in time end up providing the precise
>> dependencies (which will last for 6 month periods). In the short term,
>> just getting the packages in is a good start.
> 
> Ideally for whom?
> 
> Consider the following hypothetical situation:
> 
>  - Debian Testing provides zlib 0.5.0.0.
>  - Haskell Platform 2009.2.0.1 requires zlib 0.5.0.0.  Presumably the
>    next Haskell Platform release will not appear until 2009-08.
>  - In 2009-06, upstream releases zlib 0.5.0.1 to fix a security hole.
> 
> If Debian installs the security update, haskell-platform will not be
> usable on sid -- at least until the Haskell Platform has a point release
> (i.e. Haskell Platform 2009.2.0.2) and that release enters Debian.

I don't follow.  Why should a security fix imply API changes?

> Similarly, is Debian Stable expected to have an installable version of
> (and old version of) haskell-platform?  If so, near to release time it
> will be necessary to prevent ANY package updates migrating from unstable
> to testing if they will break the current haskell-platform.

If they break the current haskell-platform, is that not good?  I don't
see a problem.
Reply to: