Re: how to deal with widely used packages unsuitable for stable (was Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.)
- To: Raphael Hertzog <hertzog@debian.org>, Pirate Praveen <praveen@onenetbeyond.org>, Dan Clery <dan@savevsgeek.com>, Abhijith PA <abhijith@disroot.org>, Paul Gevers <elbrus@debian.org>, Holger Levsen <holger@layer-acht.org>, debian-release@lists.debian.org, debian-lts@lists.debian.org, debian-security@lists.debian.org
- Subject: Re: how to deal with widely used packages unsuitable for stable (was Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.)
- From: Alexander Wirt <formorer@formorer.de>
- Date: Fri, 30 Aug 2019 11:07:44 +0200
- Message-id: <[🔎] 20190830090744.GC5309@lisa>
- Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, Pirate Praveen <praveen@onenetbeyond.org>, Dan Clery <dan@savevsgeek.com>, Abhijith PA <abhijith@disroot.org>, Paul Gevers <elbrus@debian.org>, Holger Levsen <holger@layer-acht.org>, debian-release@lists.debian.org, debian-lts@lists.debian.org, debian-security@lists.debian.org
- In-reply-to: <[🔎] 20190830085652.GB1688@home.ouaza.com>
- References: <[🔎] 20190829114814.GA17510@home.ouaza.com> <[🔎] 20190829121017.5pbovzbg5mao5fzq@layer-acht.org> <[🔎] 20190829122853.GA18557@home.ouaza.com> <[🔎] 090bd09f-8c14-dd50-cb44-63a5383cb60f@debian.org> <[🔎] bcb8d816-df22-7cc5-567b-3f8e206a6f3a@disroot.org> <[🔎] CAHBOX4pi98LWNDpngK-foh_5fBesdOGBb+JdtBuCV908hHh5fg@mail.gmail.com> <[🔎] 464C6643-D04A-4CC2-B096-EC12989E912A@onenetbeyond.org> <[🔎] 20190830071732.GA1688@home.ouaza.com> <[🔎] 20190830072959.GB5309@lisa> <[🔎] 20190830085652.GB1688@home.ouaza.com>
On Fri, 30 Aug 2019, Raphael Hertzog wrote:
> On Fri, 30 Aug 2019, Alexander Wirt wrote:
> > There were several discussions over the last years. And yes, our vision of
> > backports does not match the vision of those fastpace/not ready for
> > stable/whatever you call them repos. In our vision debian-backports consists
> > of new (tested, as in "is in testing") features from the next debian release.
>
> "Tested as in testing" really means "tested by britney using the same
> criteria as other packages" and in my earlier suggestion, I was precisely
> saying that I do want to keep britney's filter between unstable
> and <testing-codename>-backports (i.e. the unused bullseye-backports
> during the bullseye development cycle).
>
> Why would it be wrong to have virtualbox or mysql or wordpress or radare2
> in the -backports repo?
>
> We're not speaking of crap software, we're just speaking of software that
> can't be maintained multiple years by backports of security patches, where
> we get fixes only with new upstream versions (mixed with new features).
I don't want to draw that line, someone would have decide if the software is
just crap, the maintainer too lazy or if its really fast pacing. Wordpress is
an example of a software that should really be supported within stable. If
not its just crap.
Imho we should have packages in testing that will not be part of the next
release. And we don't want any form of automated migrations. Full stop.
People should build and *test* their packages against stable.
Alex
Attachment:
signature.asc
Description: PGP signature
Reply to: