Bug#1031046: Only include in Bookworm with commitment to stable updates
Jonas Smedegaard
jonas at jones.dk
Fri Dec 13 12:06:48 GMT 2024
Quoting Matthias Urlichs via Pkg-voip-maintainers (2024-12-13 11:58:40)
> On 12.12.24 19:16, Jonas Smedegaard wrote:
> > Frankly I am not comfortable having Asterisk enter into Debian, with a
> > team where those to be counted as active have such reluctant interest in
> > gaining experience with the machinery crucial to the work ahead.
>
> One might note that the crucial machinery consists, at first
> approximation, of our bug tracker, resp. the list of active bugs therein.
>
> Asking the bug tracker for ?src=asterisk, i.e. not filtering for
> release, results in exactly one open RC bug, which is the one that
> complains about "commitment to stable updates".
>
> The fact that tracker.d.o complains about issues in bookworm is a minor
> detail here and I can't fault people for not wanting to delve into yet
> another Debian subsystem – one with a list of open bugs that's longer
> than Asterisk's (and with at least one older bug), which moreover is
> tangential to our actual goal.
>
> That goal is to (a) close #1031046 and (b) get Asterisk into a shape
> that's long-term maintainable without deep understanding of the
> mechanics of its packaging (because there *are* no special-sauce mechanics).
>
> IMHO (b) is kind of a requirement for (a).
>
> I can justify taking some (paid) time to help fix the problems that
> prevent Asterisk from being as easily maintainable as any other
> not-quite-trivial package.

That would be great!

> I cannot justify committing to watch over
> something that requires an hour of delving into the mechanics of build
> systems that pre-date git to even understand what I need to do.

Quite understandable.

> IMHO² fixing a security bug should consist of five steps:
>
> * git checkout stable; git pull salsa stable-updates; git fetch upstream
> * git cherry-pick «upstream_commit_id»
> * dch && git commit --amend -c HEAD debian/changelog # or something
> along these lines
> * git debpush
> * … there is no step five.
>
> Can we get to that point, for Trixie?

Short answer: No.

Debian is not git-centric, and any attempt at turning it git-centric
involves convolution, and each convolution has trade-offs. You present
a specific set of trade-offs, and the current packaging that I maintain
is another set of trade-offs.

I am open to renegotiate trade-offs, but not as a quick move close to a
deadline, and not as a negotiation deal: If your offer to help is
contingent on a specific 5-step routine then please come back after or
during an eventual later relaxed team discussion on reorganizing the
packaging routines, because that won't happen right now.

That said, if there is an "or something" next to all the steps, and what
you are asking is for a 5-step procedure, then we are already there and
I am happy to spell out the 5-step procedure which I can see is
generally needed for folks new to Debian build routines.

...but I will not do so, if the purpose is to try to shoot it down and
insist that one specific 5-step procedure is required. That is not a
short-term change, but more involved.

- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
* Sponsorship: https://ko-fi.com/drjones
[x] quote me freely [ ] ask before reusing [ ] keep private