Bug#1034526: azure-cli: Better collaboration with upstream
The only official Debian packages are what you find on debian.org and its mirrors, third party repositories are unofficial by definition and ... From upstream's perspective, this is not true, unless you apply the term Debian in the strict sense of "released by the Debian project" and not in the sense of "packaged using Debian's packaging system". Debian packages are not broken, they are working fine, to the extent permitted by extremely broken and messy upstream sources. Due to upstream bugs outside of our control at times some subfeature might not work, but there's nothing we can do about it, there's always something broken in the upstream code. From a user's perspective, this is also untrue: If azure-cli is currently installed from the Debian package repository, it fails on multiple subfeatures. In this context, it's irrelevant if this is "upstream's fault". By releasing the package in the Debian package repositories, one or multiple DDs or DMs have taken (limited) responsibility for the Debian version, and they should make sure the Debian version gets fixed. That is a bit rich, given upstream routinely ignores bug reports, pull requests and so on, to the extent that I have given up even trying. The "azure-sdk-for-python" upstream repository is an absolute disaster of a dumpster fire, with no attempt whatsoever at even a semblance of functional release engineering, which causes enough pain already to us. That may be the case, but this is not visible to users. They will experience a bug in the Debian version, report it upstream, be rebuffed because they had the gall (!!) to use the Debian version instead of the upstream version, and then get redirected to upstream's package repository. Most regular users would think at this point that the fault lies with the Debian project and simply install the upstream version instead. This is a terrible user experience and does absolutely nothing to get broken subfeatures fixed in the Debian packages. Absolutely not, the official Debian packages are following Debian policy and best practices as they should, while upstream is a gigantic mess and a security nightmare, so ask them instead. This may be the case, but taking this stance doesn't get the mess fixed. As is evident in https://github.com/Azure/azure-cli/issues/19640 , upstream doesn't care about what their mess causes downstream, and they will simply continue "fixing" it in their own way. Again: I'm trying to blame Debian Developers for broken packages, I'm trying to request a solution that does not result in a shitty user experience.
Bug#1034526: azure-cli: Better collaboration with upstream
Control: tags -1 wontfix Control: close -1 On Mon, 17 Apr 2023 19:02:54 +0200 Gregor Riepl wrote: > Package: azure-cli > Version: 2.45.0-1 > Severity: important > X-Debbugs-Cc: onit...@gmail.com > > Dear Maintainer, > > Upstream has had lots of bug reports due to discrepancies between the version > packaged in Debian and Ubuntu and Microsoft's own "official" Debian packages: > https://github.com/Azure/azure-cli/issues/19640 The only official Debian packages are what you find on debian.org and its mirrors, third party repositories are unofficial by definition and are to be used at one's own risk, especially like in this case where due to very dubious and poor security practices employed means they are basically attack vectors, that nobody who cares about security of their systems should ever touch. > Virtually all of these bugs were reported upstream instead of the Debian > project, causing fallout on their side, whilst the Debian packages remain > broken. Debian packages are not broken, they are working fine, to the extent permitted by extremely broken and messy upstream sources. Due to upstream bugs outside of our control at times some subfeature might not work, but there's nothing we can do about it, there's always something broken in the upstream code. > Please consider working closer together with upstream to reach the same release > quality, or (possibly) fix the bug reporting channel, so bugs specific to the > Debian version are reported where they belong (i.e. BTS and not upstream's > Github). That is a bit rich, given upstream routinely ignores bug reports, pull requests and so on, to the extent that I have given up even trying. The "azure-sdk-for-python" upstream repository is an absolute disaster of a dumpster fire, with no attempt whatsoever at even a semblance of functional release engineering, which causes enough pain already to us. > As an alternative, please consider renaming the Debian packages, so there is > less ambiguity which version is installed. Absolutely not, the official Debian packages are following Debian policy and best practices as they should, while upstream is a gigantic mess and a security nightmare, so ask them instead. -- Kind regards, Luca Boccassi signature.asc Description: This is a digitally signed message part
Bug#1034526: azure-cli: Better collaboration with upstream
Package: azure-cli Version: 2.45.0-1 Severity: important X-Debbugs-Cc: onit...@gmail.com Dear Maintainer, Upstream has had lots of bug reports due to discrepancies between the version packaged in Debian and Ubuntu and Microsoft's own "official" Debian packages: https://github.com/Azure/azure-cli/issues/19640 Virtually all of these bugs were reported upstream instead of the Debian project, causing fallout on their side, whilst the Debian packages remain broken. Please consider working closer together with upstream to reach the same release quality, or (possibly) fix the bug reporting channel, so bugs specific to the Debian version are reported where they belong (i.e. BTS and not upstream's Github). As an alternative, please consider renaming the Debian packages, so there is less ambiguity which version is installed. Examples of bugs that should have been reported in Debian instead of upstream: https://github.com/Azure/azure-cli/issues/25826 https://github.com/Azure/azure-cli/issues/25950 https://github.com/Azure/azure-cli/issues/25122 https://github.com/Azure/azure-cli/issues/24959 https://github.com/Azure/azure-cli/issues/24656 https://github.com/Azure/azure-cli/issues/24308 Thank you for your consideration. -- System Information: Debian Release: 12.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-security'), (500, 'testing-debug'), (500, 'unstable'), (500, 'stable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-7-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages azure-cli depends on: ii python33.11.2-1+b1 ii python3-azure-cli 2.45.0-1 azure-cli recommends no packages. azure-cli suggests no packages. -- no debconf information
