I've been packaging WebGUI [1] for over two years [2], maintaining unofficial packages for Debian Lenny until it was impossible to run WebGUI on it due to dependencies. Gregor (gregoa) has been my upload sponsor and packaging mentor, while Colin has been the main point of contact with upstream, having helped with bugfixes and several enhancements that have made WebGUI more suitable for Debian packaging.
The Squeeze freeze happened just a few days before webgui 7.9 was released as stable, and 7.8.24-1 was included in Squeeze a few days later. There will be no 7.8.25, since upstream's development cycle is a steady and goal-oriented one, and once a version is deemed stable, the previous one isn't developed nor updated any more. In the past, I've always waited for the development version to become stable before transitioning the package (7.5 to 7.6, 7.6 to 7.7 and 7.7 to 7.8); I feel it's important for the release team to know, what I've found out in practice and Colin can confirm: transitions from minor WebGUI versions (e.g. 7.N to 7.N+1) are completely smooth due to the way upgrades are handled by WebGUI and the Debian package uses it. It's been a week since I finished the packaging transition to 7.9 (it's still marked as UNRELEASED in collab-maint SVN) closing three packaging bugs along the way (593885, 593698 and a non-reported bug I was waiting to fix). I've also tried to simplify debian/rules but several shortcomings in dh_fixperms (bug filed) prevent me from getting rid of the explicit find-chmod combinations (they have been there and work fine, I just wanted to get rid of them). Now, following WebGUI's development cycle, 7.8 is now deprecated and one should be using 7.9 for the following 6-8 months before 7.10 is released. Upstream won't fix bugs you detect on 7.8 unless they show up in 7.9 too, and they fix them in 7.10/7.9 but the fixes aren't backported. This means that having 7.8.24 in Squeeze would mean having an already old version of the application. There have been several _potential_ security issues in all the 7.x releases before 7.9 that have been addressed and fixed but cannot be backported to 7.8 because of structural changes in WebGUI. That's one of the reasons why an upgrade to 7.9 is mandatory. Colin has offered to grant access to the bug reports that show the potential vulnerabilities and explain the fact that they can't be backported to 7.8. As is usual with WebGUI and the current Debian package, the upgrade from 7.8 to 7.9 is flawless and I've tested it thoroughly. For the first time, the codebase testing routines provided by WebGUi (over 20000 tests) complete successfully even under the stressful code coverage and "live system tests". Finally, the packaging bugs I fixed provide stricter FHS compliance and address some borderline upgrade cases that prevented clean upgrades. This is the first time Debian Stable will have a webgui package, and I think Squeeze should be released with a current, safe to use, and easily upgradeable version of WebGUI, and that would be the current 7.9.13 package. FWIW, I have a couple of _production_ installations with the same 7.9.13 package running on Squeeze (with a couple of locally built dependencies, more on that later) that have been working flawlessly for a couple of weeks now under heavy load and even with local customization. So I'm requesting a freeze exception (actually three) in order to get webgui 7.9.13 into Debian Squeeze. The exception would include two dependencies already in NEW, packaged by me and maintained under the Debian Perl Group, again being nitpicked by gregoa, dam and ansgar: liblog-any-adapter-dispatch-perl and libchi-perl. Finally, the exception for webgui 7.9.13-1 proper, that will be uploaded only if the exception is granted. I apologize for having waited this much to ask for the freeze, but I wanted to be sure that everything was working properly. Thank you for your time and effort. [1] http://www.webgui.org [2] svn://svn.debian.org/svn/collab-maint/ext-maint/webgui/ -- Ernesto Hernández-Novich - @iamemhn - Unix: Live free or die! Geek by nature, Linux by choice, Debian of course. If you can't aptitude it, it isn't useful or doesn't exist. GPG Key Fingerprint = 438C 49A2 A8C7 E7D7 1500 C507 96D6 A3D6 2F4C 85E3 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
