Hi,

On 24.01.2016 at 16:54, 殷啟聰 wrote:
> Hi,
>
> So if my understanding is right, Jenkins is highly likely to be
> removed from Debian. And the reason behind this is because the release
> cycle of Jenkins is way too short and upstream already provides .deb?

Upstream has a so-called LTS Release Line. [1] Jenkins LTS releases are
supported for three months. They also provide fixes for a "limited
subset of plugins that work with the release line". That means we cannot
even assure that all plugins will be supported for a certain release
line. Three months is way too short for a stable release. Debian stable
releases are supported for at least _three years_ and Debian LTS is
supported for _five years_.

Jenkins is regularly affected by security issues. In order to comply
with Debian's stable release guidelines, security fixes must be
backported and this requires time and people who want to work on it.
There are some rare exceptions like Iceweasel and Chromium where new
upstream releases are backported to stable. Jenkins doesn't qualify for
those.

> So this makes me think about what exactly should be packaged into
> Debian. There are not too many softwares providing .deb distributions
> in upstream, but what if some of the softwares whose packages are
> already in Debian start to provide upstream .deb, will we still have
> the motivation to keep maintaining it? For example, Gradle does not
> have .deb in upstream, but SBT does, and Gradle indirectly depends on
> SBT, then should we package SBT into Debian as well, which even though
> means lots of work?

Most people package something for Debian because the software will be
better integrated into their systems and the quality standards are
higher in Debian. We don't remove Jenkins because upstream provides .deb
packages but because upstream doesn't support their LTS releases for
more than three months.

If there are people who actively maintain software, which includes
fixing security bugs in stable releases, then there would be no reason
to remove software. Installing and using unmaintained software from
unstable on production systems with known security vulnerabilities is of
limited usefulness for most people.

> So what if there are some new packages that depend on libraries of
> Jenkins and someone wants to package it, what should he do?
>
> By the way, I am not using Jenkins in daily life, I am simply curious. :)

He should maintain the libraries like any other package in Debian or
refrain from packaging it at all.

Regards,

Markus

[1] https://wiki.jenkins-ci.org/display/JENKINS/LTS+Release+Line