On 3/3/21 9:09 AM, Wouter Verhelst wrote:
> I don't agree with the statement that doing things like this is a bad
> idea. Sometimes doing the minimal necessary to make a package work again
> so that our future needs will still be served by it is a good idea. I
> think that this is one of those times, and I guess that it's the same
> for most of the packages uploaded like that.

Sure, you don't have to agree with my stance on this. I think it's better
to not ship something at all than to ship something with a hotpatch that
hasn't been touched for a long time.

After all, users expect packages that are shipped with a release to meet
certain quality standards and I would say that chances are not zero that
such a package which hasn't been touched for a longer time will have other
problems that may warrant further action of the security team in the future.

But ok, maybe my thinking is too much influenced from the SLES release process
at SUSE which ships with a rather limited set of packages which are guaranteed
to work and are officially supported.


 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Reply via email to