[Pkg-postgresql-public] postgresql-8.4/security newer than unstable / testing

Sun Sep 9 11:50:45 UTC 2012

Christoph Berg [2012-09-08 22:41 +0200]:
> Re: Adam D. Barratt 2012-09-08 <1347135924.8753.72.camel at jacala.jungle.funky-badger.org>
> > Often this is achieved by ftp-master copying the packages "upwards"
> > during the point release.  My understanding is that this would be
> > unwelcome in this case, as it would re-introduce a number of binary
> > packages which have been dropped from the wheezy packages.
> 
> Nod. (We should probably also add something about this to the release
> notes.)

Confirmed. It would also break, as the sole reason for having this
crippled package in wheezy in the first place is that squeeze's
postgresql-plperl-8.4 does not work in wheezy due to 
libperl5.12/5.14 not being installable in parallel.

> 
> > As far as I can see, the easiest way to resolve this would therefore be
> > a no-changes upload to unstable with a higher version number, which we
> > could then allow to transition to testing.  This could be a fake
> > "8.4.14.really.8.4.12" style version, but this has the potential to
> > break again in future.  My suggestion would be to add an epoch, ensuring
> > that the wheezy packages always have a higher version - I've assumed
> > that the packages won't be seeing any further updates for jessie.

Correct. postgresql-8.4 should be removed entirely as soon as wheezy
gets released.

> I think the proper solution would be to really update the wheezy
> package with the 8.4.13 postgresql source. There might even be
> relevant pl/perl changes that should go into wheezy. I'll check the
> changelog for that.

I did check the whole diff, and PL/Perl was not changed at all, which
is why I didn't update the unstable version (I pointed that out in my
mail to security@). I didn't consider the versioning problem though,
sorry about that. I'll upload a new version.

> I'd rather avoid adding an epoch version (or some other artificially
> high version number) as that would break upgrades for people moving to
> some other source for postgresql-8.4 packages (pgapt.debian.net, soon
> to be moved to postgresql.org infrastructure).

I agree.

> Not sure how we can keep the versions properly sorted, short of always
> also updating 8.4 in wheezy. We'll think about that. Martin?

Hm, interesting case. As it has to be smaller than the backports
versions but bigger than squeeze-security's, I don't see other options
than keeping wheezy up to date with new upstream versions. Upstream
support for 8.4 will cease in a year or so anyway, i. e. we are
looking at doing three to five further updates to it. From my point of
view that's bearable, if the release and security teams agree?

Thanks,

Martin

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-postgresql-public/attachments/20120909/ea6d10d2/attachment.pgp>