Hello, On Mon, Oct 20, 2014 at 07:11:35PM +0200, Emilio Pozuelo Monfort wrote: > On 17/10/14 19:56, Michael Vogt wrote: > >we - the APT team - would like to ask for permission for a transition, > >namily of the apt version as found in experimental to unstable with > >the target of reaching jessie. […] > I think it's too late for this. I thought this for a while, too, actually, but I tend to consider (devil's advocate style) the alternative now to be far worse: Not having this rewrite in jessie, means that we will have it very early in jessie+1. Given the teamsize it is unlikely that we will have much time/energy to "search, locate and destroy" (security) bugs in the then outdated jessie code, in other words: We will have a horrible mess of unmaintained code for another 3 (+ maybe LTS) years running as root on all Debian (and derivatives) machines. That scared me so much, that I pondered about how hard it would be to do all this without an ABI break and it is potentially possible, but would mean that the fixes are apt-get only, which doesn't look too good either in my book and was hence quickly discarded. [0] The regression potential feels in comparison a lot more manageable as the changes have an immediate effect (unlike resolver/ordering changes, which have their biggest effect at the time stable+1 is stable), it is now easily the most covered codearea by our testcases and a bunch of testers in experimental have helped us cover previously dark spots over the last (for some changes) months already. Note: This isn't intended as blackmail, but my/our honest opinion to give you guys the full picture so you can make the call. Whatever you will decide will be what it is and we will make it work one way or another I am sure. We know we are asking for a lot here, so we aren't running to our rooms screaming never to be seen again because daddy didn't bought our new toy – we will run crying into mammies arms. ;) So, that being said: Please please please daddy, please pretty please with sugar on top! (picture the sweet 16th year old apt with big wet eyes saying that) Best regards David Kalnischkies [0] I don't want to sound bitter or throw dirt, but it feels kinda ironic that apt is punished for providing a workinprogress shared library for its dependencies while other tools do not to be more free in what they can do, while being a pain for their dependencies in return… :/ P.S.: Just to underline how serious I am about that: if it helps our cause I would even be willing to sign the "secret supplementary protocol" 'people' suggested earlier this month in #d-apt … P.P.S.: Thanks for keeping us CC'ed, we actually forgot to ask for it… So please keep it that way please (pretty please with sugar on top).
Attachment:
signature.asc
Description: Digital signature