[Pkg-javascript-devel] Bug#862918: libjs-bignumber: New version available upstream: 4.0.2

Jonas Smedegaard jonas at jones.dk
Tue Jul 11 15:28:40 UTC 2017


Quoting Ben Finney (2017-07-11 14:01:14)
> Control: retitle -1 libjs-bignumber: New version available upstream: 4.0.2
> 
> On 20-May-2017, Jonas Smedegaard wrote:
>> Quoting Pirate Praveen (2017-05-20 07:57:32)
>>> Most likely this was packaged as a dependency of another package and 
>>> that package no longer needs it.
>>
>> Debian packages should be _maintained_, not only packaged. All 
>> packages, not only topmost ones in dependency trees!
>
> I agree with that. But I also agree with Praveen's point you omitted:
> 
> 
> On 20-May-2017, Pirate Praveen wrote:
>> node-bignumber is a dependency on node-mysql. Seems newer version of 
>> node-mysql just work fine with the current node-bignumber. If we have 
>> to update, we should make sure it does not break node-mysql.

s/but/and/

I agree with that other point too.


> Both of these – incorporate new upstream versions, don't break 
> dependent packages – are important facets of maintaining a Debian 
> package.
> 
> Sometimes these two important directions conflict. What should be done 
> if the new upstream version breaks dependent packages without offering 
> an upgrade path?

If _only_ the older version version is relevant then (obviously) we 
should only provide that version as a Debian package.

If both older version and newer version is relevant (either directly for 
some of our users or as reverse depencency for other packages) then we 
should maintain both.

"Maintain" includes dealing with upstream no longer maintaining the code 
we carry.

"Maintain" includes checking if newer upstream releases cause trouble 
for reverse dependencies: Not upgrading to newer upstream releases 
because the code possibly maybe perhaps breaks a reverse dependency but 
not inspecting closer is lack of maintenance.

This bugreport is an explicit request to package a newer version, so an 
indication that there is some (at least one) of our users would value 
that newer version being available as a Debian package.  This in itself 
do not mean that we must upgrade, but is an indication of relevancy.

I would find it perfectly fine to close this bugreport with e.g. a 
"sorry, but the newer version breaks the only reverse dpendency in 
Debian for that code project - please file a separate ITP or RFP 
bugreport to track eventual concurrent packaging of a newer version as a 
separate Debian package." After investigating and if then getting to 
that conclusion.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/attachments/20170711/8cfdc69a/attachment.sig>


More information about the Pkg-javascript-devel mailing list