Select provider of libav* libraries
Jonas Smedegaard
dr at jones.dk
Mon May 18 09:15:04 UTC 2015
Quoting IOhannes m zmölnig (Debian/GNU) (2015-05-18 09:36:51)
> On 2015-05-17 22:53, Jonas Smedegaard wrote:
>> I use bleeding edge tools for some of my own work. And I use FFmpeg
>> for some of that. But I will continue to use bleeding edge tools for
>> that work - which renders it irrelevant for judging what is relevant
>> for long term maintenance in Debian.
>
> my personal situation is:
> - i use Debian
> - i (need to) use bleeding edge tools
>
> this obviously makes me a user of testing/sid (trying to avoid
> experimental as i historically had some problems with that - and if
> only is about stalling while fetching tons of Packages updates for the
> one or two packages i actually use).
>
> so i can use bleeding edge tools whenever they enter sid, which means
> that they probably will enter stable at some future time (any package
> entering sid should reach stable somewhen; some don't, but that's not
> how it *should* be).
> but if a package is unfit for stable due to un-existing long term
> maintenance, it will never show up in sid :-(
>
> your suggestion with using experimental suggests a way to fix that
> problem. however, i'm not sure whether the number of users going on
> through the hassle of enabling experimental would make up for the
> additional maintenance burden.

Uhm, I exemplified by mpv's use of experimental, but my proposal is more
generally to distinguish between boring and exciting, and treat only the
former as suitable for long-term maintenance.

There are multiple ways to handle packages unsuitable for long-term
maintenance:

* Treat as "experimental" - e.g. mpv
* Flag as "buggy" - e.g. bitcoin
* Have security team treat as "too unreliable" - e.g. iceweasel

Each way has its problems, either being cumbersome to reach without
raising the risk of also accidentally pulling in other unrelated
stowed-away-for-other-reasons packages, or being too easy to install
without warning about its own problematic nature (i.e. if not having
package debian-security-support installed).

(It is far less risky nowadays to include experimental suite in APT, due
to adjusted default scores for that suite. But risk is still there.)

What I propose is to not wait for security team approval, but at first
use methods of treating FFmpeg-linked packages as too exciting for
stable which are possible without security team coordination.

- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private