On Tue, Feb 03, 2026 at 04:30:33PM +0100, Jonas Smedegaard wrote:
If I understand you correctly, then the problem you are trying to address ultimately is, that some projects may need shiny new version 4.0.4 of some library, while others crash with that version and instead need old and boring version 4.0.0 of that same library. I.e. that your proposal to loosen Policy is a way to reach that other ultimate goal.
And, what will happen if there is a critical vulnerability found in Version 4.0.0? Will we continue shipping the vulnerable library in a hundred-and-a-half packages or will we fix all of them? And, who is going to be that "we"?
The problem is not packaging or providing. The problem ist careing for what is shipped.
Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
