On Wed, 23 Jul 2003, Luca - De Whiskey's - De Vitis wrote: > On Wed, Jul 23, 2003 at 11:57:54AM +0200, Fabio Massimo Di Nitto wrote: > > > > http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-bug-security > > > > in particular "5.8.5.3 Preparing packages to address security issues" > > It doesn't answare my question. I should explain my self in a different way. > > My point is: i understand what said in that paragraph, but what if new version > is a bugfix release that does not address only a secutiry issue? I'm not sure > that system administrators would like to have a buggy package on their hosts > with a security bug fixed, but with many other open nasty bugs. > > Why that package has nusty bugs? Of course because they where reported after > woody > release.
Because you can never be sure that it will not change the package behaviour in all its small details and that will not introduce new bugs. (note that i kept the list short for the simple reason that there several different examples that can be done according to which package you are talking about) > Let me bring the specific case into the discussion. phpgroupware in woody is > a 0.9.14 > Release Candidate 3 (which was a feature-freeze release for testing): that > package got really a lot of bug fixed and there is now a 0.9.14.006 which is a > 0.9.14 in all aspects. 0.9.14.006 neither have new features nor different > behaviour: only bugs fixed. Probably in the specific case it can apply but this is not true for all packages. Policy/developer-references have to carry the most generic case as possible, as a best/current practise. > "5.5.1 Special case: uploads to the stable distribution" says: > > ------------------------------------------------------------------------------ > Basically, a package should only be uploaded to stable if one of the following > happens: > > * a truly critical functionality problem > > * the package becomes uninstallable > > * a released architecture lacks the package > ------------------------------------------------------------------------------ > > and > > ------------------------------------------------------------------------------ > It is discouraged to change anything else in the package that isn't important, > because even trivial fixes can cause bugs later on. > ------------------------------------------------------------------------------ > > IMHO, these points should be relaxed while speaking about bugfix package > release. If you will relax these points you will loose the meaning of having stable/testing/unstable. Everyone will be encourged to upload to stable to fix even the most insignificant whishlist bug. Fabio -- Our mission: make IPv6 the default IP protocol "We are on a mission from God" - Elwood Blues http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp00004.html
