[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#657405: mediagoblin: no more missing dependencies

On Mon, Oct 13, 2014 at 11:33:11PM -0400, Simon Fondrie-Teitler wrote:
> I should have posted that 0.6.1 is now in new (thanks Asheesh!). 
> https://ftp-master.debian.org/new/mediagoblin_0.6.1+dfsg1-1.html

That is great news indeed! Thanks Asheesh!

> In terms of Jessie, I'm actually not aiming to get it in, and either
> Asheesh or I will probably file an RC bug to prevent it from migrating
> to testing. Upstream is not planning on supporting either 0.6.1 or 0.7.1
> for the next few years, and I can't commit to providing security
> support. I do welcome the thoughts of others on this issue though.

Has the upstream indicated that they plan on doing long term support
on some later version?  If so, then OK, I agree it might be good idea
to wait for that (even if we miss Jessie).  If not, then I'd assume
it would be like with vast majority of other packages - only last
version ever gets fixes ("perpetual development" model).

If you're lucky, some packages have a practice that the most
important fixes might be released as new point release (or two) for
last "stable" version, but that support (when available) is also
usually measured in at most months, and certainly not years.  

If the current development model of mediagoblin is any indication of
future, it will follow the same path: you'll get minor bugfix from
0.6.0 to 0.6.1, but next one will be major 0.7.0, and after that it
would be end of support for 0.6.x. Same will probably be with 
0.7.0 -> 0.7.1 -> 0.8.0, etc.

What am I getting at, is that most packages work that way (without
providing LTS), and yet they're readily available in Debian Testing
and Stable.

Blocking mediagoblin until upstream commits to LTS would probably
result in mediagoblin never getting into stable, which I think would
be great shame, as I think (especially due to its distributed nature)
mediagoblin would suffer greatly if it is not available easily as
prepared package in distributions - most people will never even
consider "wget/unpack/get and build dependencies/compile/install" route.

So I'd ask Asheesh and you to reconsider allowing mediagoblin in Jessie.

If there are any (security or otherwise) bugs you think are
preventing it NOW from entering testing, by all means do voice your
concerns, so others (like myself) might try to help. But I do not
think abstract fear of the possible future should be RC bug...

And if/when security bugs happen later in the cycle, I'd like to help
too.  I'm no great python hacker (perl is more of my forte), but I do
manage around, and I think I could be of help backporting security
fixes if needed.

But, as words are cheap, I'll show some git work on mediagoblin in
next week. 

-- 
Opinions above are GNU-copylefted.
Reply to: