On Sun, Oct 17, 2021 at 12:38 PM Mark Phippard <markp...@gmail.com> wrote:
> On Sun, Oct 17, 2021 at 11:01 AM Nathan Hartman > <hartman.nat...@gmail.com> wrote: > > > > On Sat, Oct 16, 2021 at 9:25 AM Mark Phippard <markp...@gmail.com> > wrote: > > > > > > In terms of the policy, I think it should be that our latest LTS > > > release must be available. If they have other packages available that > > > is fine but the latest LTS must be one of them. In terms of the types > > > of exceptions I could envision, perhaps we will discover it is really > > > difficult to package the latest LTS for certain older distros and so > > > they need to provide an older version. I would be OK with an exception > > > like this but I would prefer to have the packagers raise it to us. > > > > > > Mark > > > > > > I'm not opposed to this, but it might be a little tricky for OS > > distros that freeze package versions. Debian for example. I haven't > > checked what the current stable (bullseye) has, but I'm still on the > > oldstable (buster) which supplies 1.10.x. I'm running a recent trunk > > build though, heh heh :-) > > > > I'm not proposing an exception (and I'm not a packager); rather I'm > > suggesting to consider a package compliant as long as it was a > > supported LTS release at the time of the packager's version freeze > > and security issues continue to be patched. > > My feeling is that our policy should focus on the situation where we > are linking to an external website where the user downloads some > package from them. For the Linux/BSD distros, and even Homebrew and > MacPorts on MacOS, we are just telling the user that these package > managers offer Subversion and maybe we list the commands to run in > order to install the package. I do not think we need to police the > version as heavily in this case. Especially with the Linux distros > since they selectively backport patches so their version never > perfectly matches ours and the distro provides support for their > packages. +1 That said, the only problematic links on our current page are the ones > from CollabNet and WanDisco. I have not verified WanDisco I am just > taking the word of the people in this thread. Given that both of these > were vendors trying to sell support and requiring registration to even > get the download, I think we should just remove all of those links. If > either of them ask to be put back we can tell them the requirement is > that they offer the latest LTS version. Would it make sense to give them a heads up before removing the links in case they would like to release newer packages and remain on the list? Cheers, Nathan