Control: tags -1 wontfix Control: close -1 On Mon, 17 Apr 2023 19:02:54 +0200 Gregor Riepl <onit...@gmail.com> wrote: > Package: azure-cli > Version: 2.45.0-1 > Severity: important > X-Debbugs-Cc: onit...@gmail.com > > Dear Maintainer, > > Upstream has had lots of bug reports due to discrepancies between the version > packaged in Debian and Ubuntu and Microsoft's own "official" Debian packages: > https://github.com/Azure/azure-cli/issues/19640
The only official Debian packages are what you find on debian.org and its mirrors, third party repositories are unofficial by definition and are to be used at one's own risk, especially like in this case where due to very dubious and poor security practices employed means they are basically attack vectors, that nobody who cares about security of their systems should ever touch. > Virtually all of these bugs were reported upstream instead of the Debian > project, causing fallout on their side, whilst the Debian packages remain > broken. Debian packages are not broken, they are working fine, to the extent permitted by extremely broken and messy upstream sources. Due to upstream bugs outside of our control at times some subfeature might not work, but there's nothing we can do about it, there's always something broken in the upstream code. > Please consider working closer together with upstream to reach the same release > quality, or (possibly) fix the bug reporting channel, so bugs specific to the > Debian version are reported where they belong (i.e. BTS and not upstream's > Github). That is a bit rich, given upstream routinely ignores bug reports, pull requests and so on, to the extent that I have given up even trying. The "azure-sdk-for-python" upstream repository is an absolute disaster of a dumpster fire, with no attempt whatsoever at even a semblance of functional release engineering, which causes enough pain already to us. > As an alternative, please consider renaming the Debian packages, so there is > less ambiguity which version is installed. Absolutely not, the official Debian packages are following Debian policy and best practices as they should, while upstream is a gigantic mess and a security nightmare, so ask them instead. -- Kind regards, Luca Boccassi
signature.asc
Description: This is a digitally signed message part