On Mon, Feb 19, 2018 at 08:35:29PM +0100, Michael Meskes wrote:
> > What is the user supposed to do when Debian announces that some
> > software essential for that user is no longer supported in the
> > stable release the user is using?
> Again, where does this differ from the user realizing their own self-
> baked installation cannot be upgraded anymore?
Upstream often has ways and schedules for their software that just
happen to differ from how and when Debian does things.
"self-baked" might just be the normal upstream way of installing the
In the best case uptream provides a container containing everything the
> > At that point the options for the user are either to continue using
> > software that might already have known grave vulnerabilities, or to
> > do a rushed attempt trying to find some way to self-install an
> > upstream
> > version that is still supported.
> And why wouldn't we offer said upstream version instead of the
> unsupported older one?
In some cases this might require changing literally thousands of
packages in stable.
Imagine said upstream version requires the latest Node.js.
Various other packages in stable won't work with the latest Node.js
and will also require upgrading.
In the Node.js ecosystem it is par for the course when upgrading
a package breaks countless reverse dependencies.
And all this automatically deployed via unattended-upgrades to
millions of machines running Debian stable.
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed