[Alioth-staff-replacement] Some details for the sprint tomorrow

Pirate Praveen praveen at onenetbeyond.org
Fri Aug 18 09:16:27 UTC 2017 

On വെള്ളി 18 ആഗസ്റ്റ് 2017 10:54 രാവിലെ, Philip Hands wrote:
> It seems that there is nothing that is packaged that we're willing to
> use.  I had thought that one of the points in favour of gitlab was that
> it was packaged, but if we're agreed that the version that's been
> packaged is outdated and insecure to an extent that means we should just
> use whatever upstream is releasing, then that does not apply.

pagure packaging is very close to completion.

> Also, if it is the case that gitlab in stable is unlikely to ever be
> supportable, a couple of things occur to me:

How did you reach that conclusion? We are actively fixing security
issues. What version in stable lacks is new features.

>   1) using packages out of unstable seems like it's closer to what DSA
>   can tolerate than using the upstream direct, so perhaps we should
>   just do that (or could this perhaps be the thing that will finally
>   provide enough motivation for bikesheds to become a reality? ;-) )
> 
>   2) Having a version of gitlab in stable seems like a disservice to
>   Debian's users, if we're not willing to touch it.  If the software
>   really is not stable, we should make that clear by ensuring that it
>   doesn't get in releases, so that people know that they're having to
>   grab it out of unstable, and thus what to expect.

I think you are confusing stability with latest features. The reason why
some people would prefer the latest upstream is for new features, not
stability. I run git.fosscommunity.in with stable packages and I don't
see such stability issues which you have conjured out of your
imagination. Yes, we'd like the new features, but that is a different
problem. We hope to provide new features via stretch-backports (we
already provided custom repo for jessie for a long time, so we have
experience doing it).

But more people joining the packaging/backporting effort will definitely
speed up things.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/alioth-staff-replacement/attachments/20170818/505e1461/attachment.sig>

More information about the Alioth-staff-replacement mailing list