On Fri, 22 May 2009, Darren Duncan wrote:
> The core SQLite team via sqlite.org is very responsive to bug
> reports and does fix them in a reasonable timeframe, so the best
> thing that Debian can do is to work with them to fix bugs and to
> only release versions of SQLite that match core versions.

This is Debian's goal for all packages. However, even with the best possible communication with a responsive upstream, Debian often ends up distributing versions which include patches that fix bugs which are fixed in as-of-yet unreleased versions of upstream code or, alternatively, including security fixes that are present in an upstream release, but need to be backported to the (possibly outdated) version Debian is distributing in stable.[1]

To avoid this extra effort (or worse, to be unaware of the need for it) convenience copies of libraries should not be used in Debian (to the extent possible[2]), hopefully through the use of upstream-supported compilation options. [The option to use a system library can of course be disabled by default.]

Don Armstrong

1: For those not familiar, our stable release remains static over its lifetime, with the primary exception of changes to fix security issues (and fairly rarely, major bugs which weren't caught before the release.)

2: In the cases where it's not possible, the Debian Security Team needs to be made aware of this fact, and the maintainers of packages with convenience copies need to track bugs in the package(s) of which they use convenience copies.

-- 
But if, after all, we are on the wrong track, what then? Only disappointed human hopes, nothing more. And even if we perish, what will it matter in the endless cycles of eternity?
 -- Fridtjof Nansen _Farthest North_ p152

http://www.donarmstrong.com
http://rzlab.ucr.edu
