Bug#835533: dasher: Please package Dasher 5.0 beta

Adrian Bunk bunk at stusta.de
Fri Sep 30 13:34:44 UTC 2016


On Fri, Sep 30, 2016 at 01:03:46PM +0200, Andreas Henriksson wrote:
> Hello Adrian Bunk.
> 
> On Wed, Sep 28, 2016 at 12:58:44AM +0300, Adrian Bunk wrote:
> > I just attached the trivial upstream fix for the FTBFS to the RC bug.
> 
> Thanks for your patch.
> 
> > This should be sufficient for getting dasher back into testing,
> > I have no opinions whether 5.0-beta is better or worse than the
> > current git snapshot.
> 
> While the patch would solve the RC bug and get dasher back into
> testing, I'm hesitant to assist in uploading it because the
> question "Do we *want* to ship dasher in its current state?" is
> not something your patch addresses. If we do get dasher back
> into testing we'll likely have to also support it for the
> lifetime of stretch. If we're struggling now to find people
> willing to invest any time into dasher maintenance how will
> we be able to make any guarantees about being able to support
> it for the lifetime of stretch?

What kind of guarantees are you talking about?
What kind of support are you talking about?

In practice the only "support" Debian provides for stable are CVE fixes.

Section 5.5.1. of the Debian Developer's Reference does strongly 
discourage doing any other changes to packages in stable.

If the security team does not veto providing security support for dasher 
in stable, then all maintenance that is allowed for dasher during the
lifetime of stretch is guaranteed.

> Until we have a somewhat enthusiastic maintainer it's probably
> better to make dasher available "on the side" rather than in
> the main distribution IMHO. Could you tell me your view on
> this and what your motivation for posting the patch was to better
> help me understand your situation?

I am not using dasher myself, but a user stated in #835533 that he needs 
dasher.

Derived distributions are special users, but the vast majority of users 
won't even have a chance to notice that dasher was removed before they 
upgrade when stretch is stable.

Not shipping a package in the next stable that was in the previous 
stable without a good reason does needlessly create troubles for users.

You have agreed that you will place the interests of users first
in your priorities.[1]

The available options for dasher are:
- apply my patch, giving users the latest non-beta release of dasher
  with 3 (or 5 with LTS) years of security support in stretch
- not providing dasher in stretch

I am not saying that either is a perfect solution.

But reality is that "latest upstream version and no RC bugs" is pretty 
much all you can expect on maintenance from an average Debian package.

And this includes packages that you (co)maintain.

As an example, if a user reports a normal bug against the version
in stable of the Evolution package that you co-maintain today, do you 
Andreas personally guarantee that this bug will be handled by you
(or any other of the GNOME maintainers)?

If you do not, you should either immediately send an RC bug against 
evolution to prevent releasing it in a stable [2], or stop setting
unrealistic expectations for random other packages.

> Regards,
> Andreas Henriksson

cu
Adrian

[1] https://www.debian.org/social_contract
[2] The situation of evolution in jessie is actually much worse than
    the situation of dasher in jessie or stretch - I assume that you as 
    maintainer are aware that one of the most security-critical parts of
    evolution is explicitly excluded from security support in jessie.

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed


