On Thu, Dec 12, 2013 at 5:00 PM, Micha Bailey <michabai...@gmail.com> wrote: > Apologies for the cross-post, but I wasn't sure which mailing list would be > most appropriate. > Also, please note that I am writing this as myself, not as a representative > of the Bitcoin project or development community.
As one of the Debian maintainers for the package, I agree that the network protocol is in such a flux that it is not suitable for stable release yet. Old versions not only hurt users, but pose a threat to the network as a whole. PPAs are more appropriate, at least for the time being. Debian has an RC bug preventing migration to testing for this and other reasons [1]. Perhaps blacklisting bitcoin import from Debian, and removing it from the Ubuntu repositories, is reasonable. This is difficult, because many users rely on the package - and removing it from the repositories will leave them vulnerable. However, keeping the package in the repositories potentially makes more users vulnerable. Another alternative would be to have a MOTU/dev that is interested perform day-of-release backports, and encourage users to enable backports. However, this could create a situation where the stable release contains a harmful version, and only the backport version would be safe to use. This is probably unacceptable to both Ubuntu and Bitcoin. Also, the bitcoin package is only really necessary to run a full node. Users that want to run a wallet can use electrum (in ubuntu and debian) or multibit (not in Debian yet, but someone is working on it). At some point bitcoin should be stable enough that full node software can be included in Ubuntu and Debian releases, but for now it is probably best to use the PPA. Regards, Scott [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718272 -- Ubuntu-motu mailing list Ubuntu-motu@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu