Quoting Ben Finney (2017-07-11 14:01:14) > Control: retitle -1 libjs-bignumber: New version available upstream: 4.0.2 > > On 20-May-2017, Jonas Smedegaard wrote: >> Quoting Pirate Praveen (2017-05-20 07:57:32) >>> Most likely this was packaged as a dependency of another package and >>> that package no longer needs it. >> >> Debian packages should be _maintained_, not only packaged. All >> packages, not only topmost ones in dependency trees! > > I agree with that. But I also agree with Praveen's point you omitted: > > > On 20-May-2017, Pirate Praveen wrote: >> node-bignumber is a dependency on node-mysql. Seems newer version of >> node-mysql just work fine with the current node-bignumber. If we have >> to update, we should make sure it does not break node-mysql.
s/but/and/ I agree with that other point too. > Both of these – incorporate new upstream versions, don't break > dependent packages – are important facets of maintaining a Debian > package. > > Sometimes these two important directions conflict. What should be done > if the new upstream version breaks dependent packages without offering > an upgrade path? If _only_ the older version version is relevant then (obviously) we should only provide that version as a Debian package. If both older version and newer version is relevant (either directly for some of our users or as reverse depencency for other packages) then we should maintain both. "Maintain" includes dealing with upstream no longer maintaining the code we carry. "Maintain" includes checking if newer upstream releases cause trouble for reverse dependencies: Not upgrading to newer upstream releases because the code possibly maybe perhaps breaks a reverse dependency but not inspecting closer is lack of maintenance. This bugreport is an explicit request to package a newer version, so an indication that there is some (at least one) of our users would value that newer version being available as a Debian package. This in itself do not mean that we must upgrade, but is an indication of relevancy. I would find it perfectly fine to close this bugreport with e.g. a "sorry, but the newer version breaks the only reverse dpendency in Debian for that code project - please file a separate ITP or RFP bugreport to track eventual concurrent packaging of a newer version as a separate Debian package." After investigating and if then getting to that conclusion. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private