2016-09-30 6:31 GMT-03:00 Jaroslaw Staniek <stan...@kde.org>:
>
> Dear Debian contributors,
> I am maintainer of Kexi, one of Calligra apps.
> I've just noticed that in Debian stable Jessie the recent Calligra is 2.8.5
> which is 13 releases old. There are no updates to 2.8.7, and zero updates to
> 2.9.*.
>
> 2.8.5 is a July 2014 version. Due to security and stability issues it may be
> even better *not* to have this version released at all than receiving
> reports and users thinking that's the most recent version (this is my own
> opinion).
>
> When users run, say, a Raspberry, they see that old and unsupported (by us)
> version. So here Jessie distributes this unstable software despite many
> updates being available. I don't see the same issue with MySQL for example,
> which was updated just this month. Maybe a manpower issue?
>
> I have questions then:
> - what happens?
> - what can be done to fix the situation?
> - how to coordinate better?
>

Jessie is frozen, I doubt Kexi 2.9 will ever be in 'jessie'.

I don't see how MySQL is different, the latest version from upstream is 5.7.15, Jessie has 5.5.52, it was upgraded from 5.5.50 because of a specific security fix.

See this for the criteria to get an update in stable:
https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable

Can you mention specific security bugs that 2.8.5 has? That could justify bringing 2.8.7 in (or backporting the security fixes).

And maybe 2.9 could be in the 'jessie-backports' repository. But I wouldn't expect it in 'jessie'.

Of course, this is in addition to the possible lack of manpower to do such packaging :)

--
Nicolás