[Pkg-privacy-maintainers] Bug#861744: Bug#861744: torbrowser-launcher: Should not be part of Stretch

Holger Levsen holger at layer-acht.org
Sun May 21 19:04:34 UTC 2017


On Wed, May 03, 2017 at 12:27:00PM +0000, u wrote:
> Currently, the design of the software makes the package very often
> unusable, as soon as TorBrowser upstream gets signed with a different
> OpenPGP key or the SSL certificate of the server changes. This is not
> reliable and normal users will be unable to workaround these issues
> themselves.

I don't see why uploading to stable-security to fix these issues (=changing
a GPG key or SSL cert) ain't possible, but this is certainly your call.

> It'll be easier and safer to provide up-to-date versions to users using
> stable-backports. This shall be documented on the Debian wiki.

So you are assuming the above will change in the future? Because,
stable-backports is only for packages which will be included in the next
release…

Also the fact that you neglected the current jessie-backports package
(it's broken since months) is not setting a good example for future
backports… (backports admins really dont like it…)

All this also means that I'll drop most tests from
https://jenkins.debian.net/view/torbrowser/ - except those testing
installation in unstable and from unstable (on testing and stable) and
from git. (The failing tests constantly send emails, which is what bothers me
here.)


-- 
cheers,
	Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 811 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-privacy-maintainers/attachments/20170521/f3d3f01d/attachment.sig>


More information about the Pkg-privacy-maintainers mailing list