Hi Rhonda, On Wed, Mar 07, 2018 at 03:11:25PM +0100, Rhonda D'Vine wrote: > Thanks. Are there any plans to work on the oldstable and stable update > too, or is the LTS approach really just to prioritize oldoldstable > higher than stable or oldstable?
I think this is an unfair characterisation. LTS is about collecting
funds to fix things in LTS (which either is oldstable or oldoldstable,
depending on the age of stable). A *side* effect of this is that
sometimes things are fixed in LTS which are not yet fixed in other
suites. But that is not "the LTS approach", it's merely a side effect.
> I've got a response by Ingo telling me that the LTS team is
> underfunded. For the sake of that, wouldn't it be wise to apply similar
> judgment as the security team towards the importance of updates then,
> and concentrate on those instead of things that aren't fixed for stable
> or oldstable?
That would directly interfere with the work of the security team, which
are volunteers. Thus I'm quite afraid that this could lead to demotation
of that team. Maybe not so wise.
OTOH work on LTS is work usually noone wants to do, because usually
developers, especially if they are volunteers, are mostly interested in
fixing things in current code, but not in stuff which is many years old.
> Given that users now contact me, the impression that
> through the LTS financing we get more things fixed in oldoldstable than
> we get fixed in stable really leaves a bad impression on people.
I'm not convinced not fixing things in LTS is a good answer here.
> So, for my own packages: You are free to LTS upload them anytime you
> want to, but ONLY if you are also willing to check that the things get
> fixed in our main supported releases, too.
While I totally support your request, let me tell you how I also
perceive it: to be able to do paid work (fix LTS things) you now also
require me to do (unpaid) volunteer work. And I am saying this while I
also understand that it might look strange that things are fixed $there
but not $here.
(Because we cannot really use those paid LTS ressources to fix non-LTS
things. At least not without discussing game-changer with the sponsors
and the Debian community first.)
> No, that doesn't mean you
> have to personally do it yourself, but you should only upload to the LTS
> release if there is a plan for having it done for the main supported
> releases, mainly stable and oldstable, too. That definitely shouldn't
> be asked for too much.
well, just "having a plan" ("the sec team will fix it one day or mark it
no-dsa") is probably not enough, at least if I understood your
intentions correctly ;p
;tl;dr: I don't really have a good idea (yet) how to resolve the issues you
are pointing out, and maybe my assumptions are or will be wrong, but it's
definitly not that LTS doesn't care, but rather that the LTS team is
paid to care about $other_things.
--
cheers,
Holger
signature.asc
Description: PGP signature
