On Wed, May 03, 2017 at 12:27:00PM +, u wrote:
> Currently, the design of the software makes the package very often
> unusable, as soon as TorBrowser upstream gets signed with a different
> OpenPGP key or the SSL certificate of the server changes. This is not
> reliable and normal users will be unable to workaround these issues
> themselves.
I don't see why uploading to stable-security to fix these issues (=changing
a GPG key or SSL cert) ain't possible, but this is certainly your call.
> It'll be easier and safer to provide up-to-date versions to users using
> stable-backports. This shall be documented on the Debian wiki.
So you are assuming the above will change in the future? Because,
stable-backports is only for packages which will be included in the next
release…
Also the fact that you neglected the current jessie-backports package
(it's broken since months) is not setting a good example for future
backports… (backports admins really dont like it…)
All this also means that I'll drop most tests from
https://jenkins.debian.net/view/torbrowser/ - except those testing
installation in unstable and from unstable (on testing and stable) and
from git. (The failing tests constantly send emails, which is what bothers me
here.)
--
cheers,
Holger
signature.asc
Description: Digital signature
