On 2013-05-30 23:07, Peter Eckersley wrote:
If there isn't a way to get new versions of HTTPS E to Debian stableusers via stable-updates on at least a ~ 1 month timeframe, I think it would be bad for those users to be installing xul-ext-https-everywhere.
It's possible my colleagues' opinions may differ, but imo stable-updates isn't really designed for packages that need continual updates on that sort of timeframe. Every package released via stable-updates needs someone to upload it, then for it to be processed through the proposed-updates queues, built on all architectures (where applicable), pushed to the stable-updates suite and an announcement mail sent.
Not that precedent is everything, but fwiw there have been three updates via stable-updates so far this year and were a total of eight in 2012 (one of which was a fix to an earlier update).
Similar points apply to the stable-updates shipping iceweasel 17ESR and 24ESRthat Paul refers to below. We generally meet and fix several major new Firefox incompatibility bugs between each ESR release.
I think there may have been some confusion here. The proposal isn't for the release team to ship ESR updates via stable-updates; it's for the security team to do so via security.debian.org. (The confusion probably isn't helped by this thread being divorced from the wider discussion on the topic on debian-devel.)
Regards, Adam