[Pkg-utopia-maintainers] Bug#1105155: unblock: flatpak/1.16.1-1

Simon McVittie smcv at debian.org
Mon May 12 13:15:23 BST 2025 

Package: release.debian.org
Severity: normal
X-Debbugs-Cc: flatpak at packages.debian.org
Control: affects -1 + src:flatpak
User: release.debian.org at packages.debian.org
Usertags: unblock

[ Reason ]
New upstream bugfix release with fixes for crashes, performance issues 
and usability.

This is somewhat larger than I would normally expect a bugfix release to 
be, but everything in it seems desirable for Debian 13. Upstream has now 
branched for 1.16.x, so we can expect subsequent bug fix releases to be 
smaller, with new development happening on the 1.17.x branch for 
eventual inclusion in forky.

I am an upstream maintainer (although I have not been particularly 
active recently) so I can push back against any changes that the release 
team objects to. Please let me know if there are any.

[ Impact ]
If we don't take this, we won't be able to track 1.16.x for subsequent 
bug fix and security fix releases (which I expect to be considerably 
smaller!) during the lifetime of trixie.

[ Tests ]
There is a relatively thorough test suite, which is exercised by 
autopkgtest and ci.debian.net. I also did some brief manual testing, 
which was successful.

[ Risks ]
This is probably a key package? (or close to being one) and is high 
visibility, but because of its interactions with third-party software it 
strongly benefits from keeping up with upstream, and we have 
successfully used upstream stable releases for our stable updates since 
at least Debian 10.

The change to look for OCI certificates in /etc/containers/certs.d 
(common/flatpak-oci-registry.c, common/flatpak-utils-http.c) is the 
noisiest and therefore highest-risk, but is on a code path that is not 
used in practice by users of Debian and Flathub; the only significant 
user of Flatpak-over-OCI that I'm aware of is Fedora, and there is 
little reason for a Debian user to install Fedora's runtimes or apps. 
Ordinary Flatpak repositories like Flathub use libostree rather than OCI 
for runtime and app downloads.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing
      (lightly filtered, see header)

[ Other info ]
As with Debian 10-12, I'm aiming to follow the 1.16.x stable branch 
during the Debian 13 cycle.

unblock flatpak/1.16.1-1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: flatpak_1.16.1-1.diff.gz
Type: application/gzip
Size: 26409 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-utopia-maintainers/attachments/20250512/eb0e6340/attachment-0001.gz>

More information about the Pkg-utopia-maintainers mailing list