On Tue, 08 May 2001, Sam Hartman wrote:
>     Henrique> AFAIK, I cannot do that.  If I build against testing, I
>     Henrique> help the breakage by adding yet another package that
>     Henrique> depends on the outdated libraries that are in testing,
> Or your could do shared library versions correctly so both versions
> can exist.  I realize it is hard, especially if your upstream is not

That's a problem for the library maintainers, currently none of my packages
are libraries. Correct versioning, as specified by the library package, is
already carried over to any packages built against it.

Anyway, avoiding to clobber an old lib in testing is not always possible, or
desirable. Sometimes, old stuff has to be removed due to security holes,
regardless of the fact that the ABI has changed. A serious proposal that
library maintainers start doing backports from unstable security fixes to
testing would die an horrible flaming death quite quickly IMHO.

I won't touch the topic about QA and yet another (unsupported -- it won't be
updated, because the ABI changed) layer of libraries.

If I do not want to get caught in an ABI change, and help a breakage in
testing, I have to build against unstable. It's that simple. If the ABIs of
the libs it depends on didn't change, the package will make it to testing.
If the ABIs changed, it won't (I am supposing the library package is doing
things right on the .so versioning, shlib definitions and package naming
area).

AFAIK, testing is supposed to be a half-baked frozen distro. Its existance
should be as transparent as possible for the developers, and help the
deployment of the next stable distro by shortening the freeze time.  It's
NOT an always-safe distro, nor is it meant to be. It is not a very secure
distro either because there are extra delays for a security fix to get to
testing.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Attachment: pgphmi0PYHcjG.pgp
Description: PGP signature

Reply via email to