Paul J Stevens wrote: >Adam, > >Dbmail-1.2 contains a possibility for sql-injection, and I'm not going to fix >it. Nor is any of the other developers involved in dbmail. As such it doesn't >belong in a stable release. > >Still, I don't want to create unnecessary hassles for the existing dbmail >userbase by confronting them with an incompatible upgrade while doing a >dist-upgrade. Moving from 1.2 to 2.0 is not a trivial matter that requires >careful attention and verification. > >
Yes, but that is what version numbers, changelogs and NEWS are for. This is especially true when you are not going to maintain dbmail-1.2 and 2.0 at the same time. All this does it clutter the archive and confuses the users. If I was in your place, I would package dbmail 2.0 as dbmail package and just put a big warning in the changelog or even the NEWS file. If someone doesn't want to upgrade, then they will just put the package on hold. Right now I see dbmail only in unstable, so you should not worry too much about users not knowing what they do :) I'm sorry, but making dbmail2, and removing dbmail just because some stuff changed doesn't make sense unless dbmail2 *and* dbmail were in the archive at the same time. - Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
