Hi, First, I'm an official DD and the maintainer of CouchDB.
On Tue, 2012-01-31 at 13:36 -0500, Sam Bisbee wrote: > Sorry, I wasn't clear enough with the productivity stuff. I was trying > to drive more at the LTS issues. Debian essentially believes that > everything introduced into their repos is LTS [...] Actually no. We hope that upstream teams do support security vise their previous releases. On the other hand, we have backports which contains packages considered stable enough compiled for a stable release. Also, we have volatile which is for fast moving targets like virus scanners, see amavis for example. > Or maybe CouchDB does consider their versions to be supported for 1yr > +? I vaguely recall support time lines being discussed years ago. Well, there's a recent example when a package will be updated to a more recent version in stable due to security concerns[1]. > As for the back porting, Debian doesn't directly manage any packages. > Everything has a package maintainer who may or may not be part of the > Debian staff, so it really does land on the maintainer. And I don't > see how you could back port fixes from, say, 1.x.x to 0.x.x. Let me ask an other way. Is CouchDB expected to change a lot internally? What about helping downstream with security fixes? When CouchDB 1.2.0 is expected to be released? Regards, Laszlo/GCS [1] http://lists.debian.org/debian-security/2012/01/msg00041.html
signature.asc
Description: This is a digitally signed message part
