Re: Fw: Accepted haskell-network 2.2.1.3-1 (source all i386)
On Mon, Jun 15, 2009 at 09:50:01PM -0500, John Goerzen wrote:
> Trent W. Buck wrote:
>> Don Stewart <dons@galois.com> writes:
>>
>>>> I'm not sure how haskell-platforms strict version dependancies will
>>>> fit in with the way things are packaged on Debian. The cabal file
>>>> does not leave much latitude:
>>>>
>>>> http://hackage.haskell.org/platform/2009.2.0.1/haskell-platform.cabal
>>>>
>>> Ideally though, Debian will in time end up providing the precise
>>> dependencies (which will last for 6 month periods). In the short term,
>>> just getting the packages in is a good start.
>>
>> Ideally for whom?
>>
>> Consider the following hypothetical situation:
>>
>> - Debian Testing provides zlib 0.5.0.0.
>> - Haskell Platform 2009.2.0.1 requires zlib 0.5.0.0. Presumably the
>> next Haskell Platform release will not appear until 2009-08.
>> - In 2009-06, upstream releases zlib 0.5.0.1 to fix a security hole.
>>
>> If Debian installs the security update, haskell-platform will not be
>> usable on sid -- at least until the Haskell Platform has a point release
>> (i.e. Haskell Platform 2009.2.0.2) and that release enters Debian.
>
> I don't follow. Why should a security fix imply API changes?
Perhaps I've misunderstood. Isn't 0.5.0.0 zlib's release version (as
well as its API version)? That is, you cannot have two tarballs on
hackage both called zlib-0.5.0.0.tar.gz.
>> Similarly, is Debian Stable expected to have an installable version of
>> (and old version of) haskell-platform? If so, near to release time it
>> will be necessary to prevent ANY package updates migrating from unstable
>> to testing if they will break the current haskell-platform.
>
> If they break the current haskell-platform, is that not good? I don't
> see a problem.
Are you saying that you expect haskell-platform to only be installable
on Debian Testing; that it simply won't be available (even an old
version) in the next Debian Stable release?
Reply to: