[Pkg-mpd-maintainers] MPD 0.21 in buster
Max Kellermann
max at blarg.de
Wed Nov 14 08:21:19 GMT 2018
On 2018/11/13 23:19, Florian Schlichting <fsfs at debian.org> wrote:
> Hi Geoff,
>
> > Is there any plan to ship MPD 0.21 in buster?
> >
> > Since the protocol has changed quite significantly it will probably
> > break some clients/library implementations (so far I only noticed an
> > issue with an android client).
>
> I think MPD 0.21 is still very new, and I'm not sure there's enough time
> for it to stabilize enough so we can have a version included in buster
> by late January that will remain largely unchanged for the lifetime of
> that release. MPD 0.20 on the other hand is mature and well-tested, and
> since you say 0.21 will probably break some clients I wonder if we
> shouldn't pick the "boring" route and go with 0.20 for buster?
It breaks one buggy client which relied on a MPD bug, which now got
fixed (and that client isn't even part of Debian, because it's an
Android app). On the other hand, if you keep shipping MPD 0.20, you
break those clients which require the correct implementation. So
that's quite a dull argument.
Other than that bug fix, the protocol hasn't "changed quite
significantly" - there are numerous new features, for example the
filter expressions, but the old filter syntax still works, of course.
The old 0.20 branch is now unmaintained. Several old bugs have
already been fixed in 0.21 which remain unfixed in 0.20.
For Stretch, Debian refused to upgrade to 0.20 and decided to ship a
known-buggy version instead. History repeating for Buster.
It is sad that I have to tell Debian users to avoid using Debian's MPD
package, because it has known bugs, and it is sad that I keep using
bug reports from Debian users for bugs which I have fixed long ago.
That's a continuous waste of my time.
But it could be worse, just look at the ncmpc package, which appears
completely unmaintained and even suffers from a CVE (of course, that
bug was already fixed upstream when it was reported in the Debian bug
tracker): https://security-tracker.debian.org/tracker/CVE-2018-9240
Max
More information about the Pkg-mpd-maintainers
mailing list