Package: release.debian.org Severity: normal X-Debbugs-Cc: flat...@packages.debian.org Control: affects -1 + src:flatpak User: release.debian....@packages.debian.org Usertags: unblock
[ Reason ]
New upstream bugfix release with fixes for crashes, performance issues
and usability.
This is somewhat larger than I would normally expect a bugfix release to
be, but everything in it seems desirable for Debian 13. Upstream has now
branched for 1.16.x, so we can expect subsequent bug fix releases to be
smaller, with new development happening on the 1.17.x branch for
eventual inclusion in forky.
I am an upstream maintainer (although I have not been particularly
active recently) so I can push back against any changes that the release
team objects to. Please let me know if there are any.
[ Impact ]
If we don't take this, we won't be able to track 1.16.x for subsequent
bug fix and security fix releases (which I expect to be considerably
smaller!) during the lifetime of trixie.
[ Tests ]
There is a relatively thorough test suite, which is exercised by
autopkgtest and ci.debian.net. I also did some brief manual testing,
which was successful.
[ Risks ]
This is probably a key package? (or close to being one) and is high
visibility, but because of its interactions with third-party software it
strongly benefits from keeping up with upstream, and we have
successfully used upstream stable releases for our stable updates since
at least Debian 10.
The change to look for OCI certificates in /etc/containers/certs.d
(common/flatpak-oci-registry.c, common/flatpak-utils-http.c) is the
noisiest and therefore highest-risk, but is on a code path that is not
used in practice by users of Debian and Flathub; the only significant
user of Flatpak-over-OCI that I'm aware of is Fedora, and there is
little reason for a Debian user to install Fedora's runtimes or apps.
Ordinary Flatpak repositories like Flathub use libostree rather than OCI
for runtime and app downloads.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
(lightly filtered, see header)
[ Other info ]
As with Debian 10-12, I'm aiming to follow the 1.16.x stable branch
during the Debian 13 cycle.
unblock flatpak/1.16.1-1
flatpak_1.16.1-1.diff.gz
Description: application/gzip
