On Wed, May 03, 2017 at 12:27:00PM +0000, u wrote: > Currently, the design of the software makes the package very often > unusable, as soon as TorBrowser upstream gets signed with a different > OpenPGP key or the SSL certificate of the server changes. This is not > reliable and normal users will be unable to workaround these issues > themselves.
I don't see why uploading to stable-security to fix these issues (=changing a GPG key or SSL cert) ain't possible, but this is certainly your call. > It'll be easier and safer to provide up-to-date versions to users using > stable-backports. This shall be documented on the Debian wiki. So you are assuming the above will change in the future? Because, stable-backports is only for packages which will be included in the next release… Also the fact that you neglected the current jessie-backports package (it's broken since months) is not setting a good example for future backports… (backports admins really dont like it…) All this also means that I'll drop most tests from https://jenkins.debian.net/view/torbrowser/ - except those testing installation in unstable and from unstable (on testing and stable) and from git. (The failing tests constantly send emails, which is what bothers me here.) -- cheers, Holger
signature.asc
Description: Digital signature