Hi intrigeri,

On 2017-09-20 11:26 AM, intrigeri wrote:
>> My only concern is what to do when those new rules are stalled
>> waiting on review? Could they be integrated to the Debian version while
>> waiting for the official merge? If yes, I think that's the best of both
>> worlds.
>
> For the record I generally don't wait for upstream to review'n'merge
> before I apply fixes to AppArmor policy in Debian packages I maintain:
> the "upstream first" motto does matter to me, but in practice I define
> it as "submit upstream first and then upload to Debian" rather than as
> "wait for upstream to ACK my proposed changes before fixing the
> problem our users are complaining about". So yeah, I think we can
> definitely have the best of both worlds :)
>
> Now, wrt. Thunderbird specifically: so far, AFAIK the maintainers of
> src:icedove in Debian haven't bothered taking stuff from upstream's
> apparmor-profiles.git directly. Instead, they are kind enough to apply
> any reasonable update we (= mostly Ulrike, but I'm sure she would not
> mind if you and I gave her a hand) ask them to take.
>
> So I would suggest we forward them any update we think should go in
> Debian, as soon as we've submitted it upstream, without waiting for
> upstream to review. Now, let's keep in mind that these changes will go
> straight to Debian *stable* in the next security upload (if I'm not
> mistaken). So perhaps a little bit of peer-review would be in order.
> For example, assuming one of us three sends a merge request to
> Launchpad, as soon as any of the other two ACKs it, we ask the
> src:icedove maintainers to take it. I.e. we piggyback on the existing
> upstream review process and tools and save some paperwork.
>
> Deal?

Sure works for me, thanks for proposing this sensible workflow!

Regards,
Simon