Package: release.debian.org Control: affects -1 + src:curl X-Debbugs-Cc: c...@packages.debian.org User: release.debian....@packages.debian.org Usertags: unblock Severity: normal
Please unblock package curl [ Reason ] curl 8.14.0 contains refactored code which will make it harder to maintain 8.13.0 (patch backporting complexity), for this reason, I would like to ship 8.14.0 in trixie. We (the curl maintainers) have been fixing every curl CVE for stable and oldstable since a few years. I'm afraid that shipping 8.13.0 will make it more difficult to keep doing that due to the refactors in 8.14.0. [ Impact ] If this is not accepted: * Higher chances of causing breakages when backporting CVE fixes. * Higher chances of not fixing a CVE due to the backporting risks. [ Tests ] The RC releases for 8.14.0 have been in experimental since 2025-05-02 and no issues were ever spotted, our debci coverage is very good and we tend to report more than one issue per release, so this is a very good sign. [ Risks ] There are a lot of changes, mostly due to the refactor, but both the Debian curl maintainers and upstream are very active, I'm confident we can fix any issues spotted. I don't generally get concerned about breakages with curl releases, since we can easily spot them on debci and upstream is very quick to fix them. The main risk left is that of behavior changes, but when they happen, they are small and it should be fine to have them before trixie is released. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [] attach debdiff against the package in testing [ Other info ] I understand we are in the hard freeze, but this is the best option for trixie's stability and maintenance. curl releases are so good, and with such a track record of being good, that they get very close to LTS releases of other projects. 8.14.0 will be released this Wednesday (2025-05-28), we currently ship RC3 in experimental. If this is approved, I will upload the RC release to unstable (and then the GA release). If this is approved after the GA release, I will upload it to unstable directly. This link shows the delta between 8.13.0 and 8.14.0-RC3: https://github.com/curl/curl/compare/curl-8_13_0...rc-8_14_0-3 unblock curl/8.14.0-1 -- Samuel Henrique <samueloph>
