[Python-modules-team] python-django_1.8.18-1~bpo8+1_amd64.changes REJECTED
Raphael Hertzog
hertzog at debian.org
Wed May 24 11:00:41 UTC 2017
On Wed, 24 May 2017, Adrian Bunk wrote:
> > This is because backports maintainers are expected to keep the packages
> > they upload there as secure.
>
> "are expected" != "are actually doing"
>
> > If the rules are not allowing us to do that, then the rules are bad.
>
> The biggest general problems are not the rules.
>
> If the person who did two years ago the jessie backport of a package
> used by DSA retired from Debian a year ago or is one of the many MIA
> developers, how are the machines maintained by DSA kept secure today?
Adrian, you keep diverting the discussion to something entirely else.
I'm stopping here. You are bringing into light known problems
that have currently no good answers. But those problems exist with
the current policy already. So they are irrelevant in the discussion
of my requested change. My request is not making that worse
or better.
> Imagine someone else would have done the python-django backport,
> and would upload 1.10 to jessie-backports today.
> What would you as user do?
You are again diverting the discussion to another problem. This is
not my situation... in the general case, the user can't rely on
the version in jessie-backports to not change in backwards incompatible
way.
But I'm the maintainer and I can promise more than the baseline. I can
tell my users "I will keep maintaining the current LTS version as long as
it's support upstream" in $stable-backports.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
More information about the Python-modules-team
mailing list