On Wed, Mar 21, 2001 at 10:37:56AM -0500, Ben Collins wrote: > Remember that the majority of uploads to stable are done by the security > team and the buildd's. I don't think this is a lot of effort for the > maintainers, since it isn't done often enough to be cumbersome, like it > would have been for "frozen unstable" uploads.
Well this hasn't been the case in my experience. Most of the security problems that has occured in my packages resulted in uploads by myself, not the security team. > Think of a base system. If things are allowed to continue this way, it > means the base system will be comprised of a lot of different versions > of the same library. That makes a base install larger This is a different issue. Besides, you won't solve it by gettint people to do different uploads since they can compile both on stable (some developers only run stable machines immediately after a release). What you need to here is to file bug reports against packages that compile against obsolete sonames. > This isn't about keeping old libraries around. For one, people can > always get it from the old dist, or they will just keep it installed and > not remove it. This is about the libraries required by Debian packages > themselves. New uploads should always strive to be built agains the > latest packages, to reduce the dependency chain in the dist, and > increase integrity of the compile base. But you won't solve the soname problem by doing this since uploading to unstable doesn't mean that the package was actually compiled on unstable. Personally bug reports have been just fine in solving this problem. And as I said in my previous message, for libraries with the soname (like glibc), you do want to test it against old -dev packages to ensure binary compatibility. -- Debian GNU/Linux 2.2 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
