On 2013-03-11 10:18, Tomasz Muras wrote:
On 03/11/2013 10:49 AM, Didier 'OdyX' Raboud wrote:
a) we fail at releasing Moodle updates to unstable in a timely manner (and I
    have my share of the fault here);
b) we consequently fail at releasing Moodle security updates to wheezy in a
    timely manner (this unblock is opened for almost two months);
c) Moodle 2.2 is already not supported anymore by Moodle HQ for anything (not
    even security), according to [0];
    Furthermore on that point, as far as I can see, there is no one taking
    responsibility to handle Moodle 2.2 security on the long term (Moodle in
    Wheezy will need to be security-handled for roughly three years, yet it is
    _already_ not supported).
d) there are (in my opinion) not enough people behind the maintenance of
    Moodle-in-Debian: Thomas is a good DM, but he's mostly alone, and I'm not
    willing to get more involved.

So as much as I find that unfortunate, I think that the best solution for all of Moodle, Moodle-in-Debian and Debian, is to not ship Moodle 2.2 in Wheezy.

Tomasz, as you're the actual de-facto maintainer, please voice your opinion as I have voiced mine: the decision is in the hands of the Release Team I guess.

I have exactly the same concerns. Security fixes have been released
for Moodle 2.2 today. I could cherry pick the patches and we could
close this bug - not a big deal. There will probably be another
security update for Moodle this year but that's it.

Realistically speaking there is no way I can maintain security fixes
for non-supported (by upstream) software this size.

I have put Moodle 2.2 into Wheezy as that's the only possible upgrade
path for Moodle (1.9 -> 2.2 -> 2.3+).

By not shipping 2.2 in wheezy, we will break the upgrades for any
current users. I don't see any other option though. There are talks in
Moodle about making an LTS version (e.g. 2.6LTS) - and that's probably
the only reasonable way to maintain a high quality package like this
in Debian.

We have found this elsewhere too (e.g. mediawiki, where they are moving to a six-month cycle but adding LTS releases for distributions).

+1 for not shipping 2.2, breaking the upgrade path for this package,
start from 2.5 (or higher) in unstable and provide Moodle LTS editions
in Debian stable only.

Just to clarify before I do it: stable stays as it is; remove moodle from Wheezy and you will work on the basis of getting 2.5 into Jessie? Intermediate versions can always go into backports of course.

It is indeed unfortunate, but carrying security support on our own for that long does make me nervous.

Thanks,

--
Jonathan Wiltshire                                      j...@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

<directhex> i have six years of solaris sysadmin experience, from
            8->10. i am well qualified to say it is made from bonghits
                        layered on top of bonghits
