> Ok so there is a bug to fix in e17, what do you do ? I report it to upstream team (on irc or on the ML)
> Or a security issue like the one I found ( and that should be fixed I > hope soon, after reporting it 3 times upstream ). Same way, report it upstream. If upstream don't fix a bug (or security issue), this bug isn't fixed. unless packager become a dev and fix the bug himself. > if the answer is "we ship a newer snapshot who requires to rebuild > everything regarding e17 because there is no guarantee of binary > stability ( ie, ABI wise ) and that will introduce unwanted changes", > then the problem is here. I was thinking about something like this. > Unless the snapshot are bugfixes only ( and they are not ), that's a > problem. That's already annoying to have to do it for chrome, firefox > and thunderbird to not happily increase our burden with a whole desktop > environnement. Without stable release, and upstream team doing fix release. I don't know how to do manage package. > So far, I have asked the question 3 times. No one answered at all. I hope it's done this time. > Also, please do not top post. Sorry, will try ... So, yes, there isn't any way to manage bug/security issue in a very easy way when upstream team don't provide stable tarball. So, what is the mageia policy in this case ? no packaging at all ? "private" packaging ? regards, trem