On Wed, 23 Jul 2025 at 23:53:58 +0200, Simon Josefsson wrote:
Is it forbidden for packages to exist in unstable and/or experimental
only in Debian?
It is allowed. firefox (the non -esr version) and wine-development are
examples of packages that exist only in unstable (with a RC bug to stop
them from migrating to testing), while libsdl3-mixer and openjk are
examples of packages that exist only in experimental.
Packages that exist in unstable will frequently be picked up by other
distributions and included in their ostensibly stable releases, often
automatically and often ignoring RC bugs (the most obvious example is
Ubuntu universe, which automatically includes every package from Debian
unstable at the time of Ubuntu's freeze unless specifically configured
not to), so I would recommend experimental for this purpose.
While liboqs is not intended for normal production use because of
certain properties, it is useful for its designated purposes of
experiments and testing. I think we somehow conflate these two,
thinking that everything in a Debian stable release MUST be intended for
secure production use.
Debian stable is exactly for production use, and software that is only
suitable for experiments and testing seems out-of-scope for stable, at
least to me. I think we could benefit from having a better place for
software (especially leaf packages) that is compatible with stable, and
intended to be used alongside stable, but is not, itself, stable; or
perhaps that's already fasttrack.debian.net.
If a liboqs maintainer wants to make a trixie-compatible version of
liboqs available, experimental + trixie-fasttrack would be one possible
setup. That's what I'm intending to do for openjk, a game engine that
has never had an upstream release and quite possibly never will.
smcv
