Hello, Missatge de Jonathan Wiltshire <j...@debian.org> del dia dg., 17 de març 2019 a les 19:04: > > Control: tag -1 moreinfo > > Hi, > > On Wed, Mar 06, 2019 at 11:51:45PM +0100, Hector Oron wrote: > > OK, I tried, and to be honest, stable isn't perfect either, since > > distro lifecycle is longer than application support, so not allowing > > newer upstream versions in stable is problematic security wise in the > > long term. open-build-service is not the only one in this category, > > there are many packages in the same situation and it'd be nice to find > > a common solution for all those. > > What is upstream's approach to stable security updates like? How long is a > stable series maintained? Is it realistic to cherry-pick fixes from new > upstream releases for buster's lifetime? > > New upstreams in stable aren't a problem in themselves, but when not all > new upstream releases are suitable (e.g. mixing bug fixes and features) the > effect can be to block further releases, and make fixing high severity bugs > harder.
I have been discussing with my colleagues about current state of the package and it needs a bit more polishing, hence we are fine with closing this unblock as Paul did. We'll look into alternative ways to distribute the package for the next stable distribution. Thanks, -- Héctor Orón -.. . -... .. .- -. -.. . ...- . .-.. --- .--. . .-.