|
Home > Archive > Debian Developers > August 2005 > Use volatile?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Simon Huggins 2005-08-01, 8:31 am |
| On Sun, Jul 31, 2005 at 11:10:04PM +0400, Nikita V. Youshchenko wrote:
> As it is being currently discussed on debian-security [1], security
> team has hard times supporting mozilla family of packages, because of
> unfriendly upstream policy - they don't want to isolate security fixes
> from a large changesets of new upstream releases. And given the huge
> size of the package, isolating security patches at Debian level also
> fails.
[..]
> Maybe in rare cases like this one, when these seems to be no other way
> to keep important package set secure, we should allow new upstream
> into Debain Stable?
What happens if they require new versions of libraries which already
exist in stable?
I think you need a couple of ways out and to decide between them
possibly just leaving well alone and making users aware of the issue
(perhaps pointing them at volatile?) if library upgrades are needed as
well as the case where new self-contained upstreams could be allowed in.
Is volatile not a better general place for such packages though really?
Maybe we just need more emphasis on volatile to our users. (i.e. get
the installer to prompt about it etc).
Simon.
--
Granny grasped her broomstick purposefully. "Million-to-one chances," she
said, "crop up nine times out of ten."
| |
| Nikita V. Youshchenko 2005-08-01, 8:32 am |
|
> On Sun, Jul 31, 2005 at 11:10:04PM +0400, Nikita V. Youshchenko wrote:
> [..]
>
> What happens if they require new versions of libraries which already
> exist in stable?
It depends on the nature of the dependency.
If recompilation against version in debian stable is possible, no problem.
This will be the case in most situations I believe.
If some new library feature will be needed - it's more interesting.
Probably should be examined on case-by-case basis.
> I think you need a couple of ways out and to decide between them
> possibly just leaving well alone and making users aware of the issue
> (perhaps pointing them at volatile?) if library upgrades are needed as
> well as the case where new self-contained upstreams could be allowed in.
>
> Is volatile not a better general place for such packages though really?
> Maybe we just need more emphasis on volatile to our users. (i.e. get
> the installer to prompt about it etc).
I don't have anything agaist using volatile for this.
The only thing that is IMHO a must - it should still be possible to
install/upgrade/uninstall packages with normal debian package management
tools.
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
|
|
|