
Re: policy change is needed to keep debian secure



Matt Zimmerman wrote:
> ...
> People request new versions in
> stable all the time for little reason more than the fact that they have
> higher version numbers.  I get harassed by upstreams for not pushing their
> releases into stable, telling me that backporting is stupid and I should
> trust them implicitly never to have regressions in new releases. 

When the release is part of a stable branch that is no longer undergoing
active development, i can understand them wanting this.  I'm not saying
you should "trust them implicitly never to have regressions", but
maintaining stable branches is not sexy (to use your word - i've never
understood why anything that's not human could be called so ;-) and most
upstream developers would rather make the minimal changes required to
make the stable branch secure.

> Similarly,
> I have received criticisms from users whose systems have been severely
> broken by new upstream versions of software.

For what it's worth, as a Debian stable user (i really have no business
being on this list, since i'm not a DD :-), i'd rather bear the risk of
possible breakage than have an insecure system.  That is, i'd rather
have a mostly-/partially-working system that has all known security
flaws fixed quickly than a stable system that is known not to be secure.

> Threads like this one which take on faith that the solution is obvious, and
> seem to exist only to release steam, don't help us move forward.  It isn't
> obvious, and in this particular case there is an ongoing dialog with the
> Mozilla developers about the problems with the current arrangement and how
> to fix it.

Thanks for your efforts Matt.  Some of us appreciate them.  ;-)

-- 
Paul
<http://paulgear.webhop.net>
--
Did you know?  Email addresses can be forged easily.  This message is
signed with GNU Privacy Guard <http://www.gnupg.org> and Enigmail
<http://enigmail.mozdev.org> so you can be sure it comes from me.

Attachment: signature.asc
Description: OpenPGP digital signature

