[Python-modules-team] Bug#775892: unblock (pre-approval): python-django/1.7.3-1

[Mehdi Dogguy]

Le 2015-02-04 09:01, Raphael Hertzog a écrit :
> it's been two weeks that I have opened this pre-approval request
> and I got almost no feedback from the release team (except Neil saying
> that he has no answer for me on IRC).
> 

Neil or Niels? I can understand why the former doesn't have any
answer for you on this subject. The latter might not have make his
mind yet on this because it is not an easy subject.

Anyway. I don't think this request has been overlooked during the
few past weeks. I think that easier requests have been privileged
which leaves the harder ones that need more thinking.

> If I don't hear back from you in the next two days, I will proceed
> with what I believe to be best, which is:
> 

Do you think such a statement helps you in any way?

python-django is a complex an important package shipped by Debian
and it gets uploaded to fix security issues quite regularly. Shipping
an old version doesn't seem a great plan because it is taking the risk
of not being able to perform security updates in the future, and/or
introduce regressions while backporting non-trivial patches. Somehow,
the question boils down to "How much do we care about the security?".

The non-trivial part is to try to draw a line to know what should be
allowed to be updated using new upstream releases, and what doesn't.
An effort has been made into this direction (See packages like linux,
iceweasel, postgresql, etc...) but I think that there is still room
for improvement there.

So while I can understand your frustration, please be more patient
next time because the requests are not trivial (and there are of
bunch of them). We are trying to do our best and we will eventually
reply to all requests.

Anyway. Based on my blabla about security stuff, I've decided to
unblock this package so that it migrates to Jessie. Note that this
doesn't mean that we will accept (let's say) 1.7.5 next time.

Regards,

-- 
Mehdi