Quoting Dmitry E. Oboukhov (2026-02-03 16:32:46) > Jonas Smedegaard писал(а) 2026-02-03 18:00: > > > If "not exactly as shipped, including dependencies" is considered > > misrepresentation, then it sounds to me that Debian is reduced to a > > service for compiling and hosting code. > > > > I mean, if a new *revision* of a dependency - i.e. something *expected* > > to not affect the ABI of consuming code - is causing eyebrows or worse > > from upstream, then how about bugfixes and patches that Debian does > > *without* changing version numbers, again because the changes are > > expected to not affect the ABI? > > > > Or what if Debian decides to "fix" a deep dependency to not spy on its > > users - that's arguably not a security bug but still somethig that is > > altering from a do-not-touch-anything-even-in-dependencies stance? > > > > What if... for each and every patch that Debian decides to apply to the > > packages which this appreach intends to bypass? > > > > Why package something in Debian, if you do not expect Debian to mean > > something - some level of governance and tending to the pieces? > > Upstreams are different — what bothers one may not bother > another. We want to be able to bring any of them into Debian. > > If a maintainer brings a bug to upstream, they are certainly > doing upstream a favour, and upstream ought to be grateful. But > the bug must be real, genuine — from upstream's point of view. If > the maintainer brings a bug that is really about Debian using a > different version of a library, upstream may well see that report > as a waste of their time. They may even see such packaging as > discrediting their product. And they may have a point.
You are mixing two things here: Upstream not caring for certain downstream is one thing. They are free to refuse bothering with patches that they see no benefit in applying - the consequence of that is that Debian needs to carry that patch for eternity (we have done that for many years e.g. for the Hurd which some in Debian has cared for while others in Debian and some upstreams would not want to waste any time on). Upstream considering Debian-style use a discredit of their product is another thing. If upstream is not bothered (we carry any needed patches ourselves) but they regardless feel that we are doing something wrong to them - is a problem about the 4 freedoms: Anyone else downstream of Debian choosing to similarly do something odd would be in similar trouble. We would need to steer clear of such projects, if they are not accepting of potentially unusual and divergent use of their product (as long as they are not burdened by the "misuse"). > If we talk about the goal of packaging, the answer is simple: so > that a Debian user can use the product without leaving the > repository. That does not rule out the maintainer fixing > something their own way. There is also benefit in the Debian > maintainer not sending upstream bugs that upstream does not care > about (or sending them with a clear reason, e.g. security). > Upstream then has no > reason to think that Debian/Fedora/etc are breaking their work > and to ask "please do not package my work!". What do "breaking their work" mean? This sounds important to the core values of Debian. > What is the point of Debian packaging? So that the user can > install what is packaged with no extra effort. So that they > have a single place (the Debian bug tracker) to report a problem > in a consistent way, with the maintainer as a layer between the > user and upstream. What does it matter that users have a single place to report issues, if Debian is hampered from fixing the issues? If your counter-argument to that is that Debian of course can fix any issue, then my counter-counter-argument is that fine: We are, today, fixing a certain set of issues by maintaining each upstream project and striving towards tight integration between them, even when upstream chooses a different approach. Convenience code copies *is* in itself an issue, which you here want Debian to "unfix". - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ * Sponsorship: https://ko-fi.com/drjones [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
