On Mon, Oct 13, 2014 at 11:33:11PM -0400, Simon Fondrie-Teitler wrote: > I should have posted that 0.6.1 is now in new (thanks Asheesh!). > https://ftp-master.debian.org/new/mediagoblin_0.6.1+dfsg1-1.html
That is great news indeed! Thanks Asheesh! > In terms of Jessie, I'm actually not aiming to get it in, and either > Asheesh or I will probably file an RC bug to prevent it from migrating > to testing. Upstream is not planning on supporting either 0.6.1 or 0.7.1 > for the next few years, and I can't commit to providing security > support. I do welcome the thoughts of others on this issue though. Has the upstream indicated that they plan on doing long term support on some later version? If so, then OK, I agree it might be good idea to wait for that (even if we miss Jessie). If not, then I'd assume it would be like with vast majority of other packages - only last version ever gets fixes ("perpetual development" model). If you're lucky, some packages have a practice that the most important fixes might be released as new point release (or two) for last "stable" version, but that support (when available) is also usually measured in at most months, and certainly not years. If the current development model of mediagoblin is any indication of future, it will follow the same path: you'll get minor bugfix from 0.6.0 to 0.6.1, but next one will be major 0.7.0, and after that it would be end of support for 0.6.x. Same will probably be with 0.7.0 -> 0.7.1 -> 0.8.0, etc. What am I getting at, is that most packages work that way (without providing LTS), and yet they're readily available in Debian Testing and Stable. Blocking mediagoblin until upstream commits to LTS would probably result in mediagoblin never getting into stable, which I think would be great shame, as I think (especially due to its distributed nature) mediagoblin would suffer greatly if it is not available easily as prepared package in distributions - most people will never even consider "wget/unpack/get and build dependencies/compile/install" route. So I'd ask Asheesh and you to reconsider allowing mediagoblin in Jessie. If there are any (security or otherwise) bugs you think are preventing it NOW from entering testing, by all means do voice your concerns, so others (like myself) might try to help. But I do not think abstract fear of the possible future should be RC bug... And if/when security bugs happen later in the cycle, I'd like to help too. I'm no great python hacker (perl is more of my forte), but I do manage around, and I think I could be of help backporting security fixes if needed. But, as words are cheap, I'll show some git work on mediagoblin in next week. -- Opinions above are GNU-copylefted. -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141014133836.gb13...@c3po.home.lan