On Mon, 6 Apr 2020 14:53:00 -0400 Greg Wooledge <wool...@eeg.ccf.org> wrote:
> On Mon, Apr 06, 2020 at 08:49:53PM +0200, Alex Mestiashvili wrote: > > Regarding Python and R modules of unknown quality. What quality? Debian > > doesn't magically make any python module better or safer. Debian just > > packages a python module provided by upstream and can possibly provide > > some additional patches and support. > > The main thing you get from Debian is stability -- a given package is > tested quite extensively, at least in theory. If there are bugs or > flaws, they get patched, or mitigated in some way. Very much "in theory". Numerous bugs in the BTS are simply ignored. And why would you assume that they (always? usually?) get patched? Insofar as the bug is not Debian specific, it often (at best) just gets forwarded to upstream, who react to it as they please. I don't think the Debian maintainers will generally fix broken code on their own. Debian does guarantee that really bad things won't happen - if the bug severity is high enough, the package will get booted from Debian / won't make it into Stable, or mitigated in some other way. But simple stability and functionality bugs often stay there for years. Of course, I have great admiration and gratitude for the incredible work that makes Debian what it is. I'm just noting that at least for non-RC and security related bugs, the system does not work nearly as well as it should in theory ;) > Of course the extent of this stability testing depends on the popularity > of the package, so a module that only a hundred people ever use might not > receive as much quality assurance/improvement as, say, xterm does. Indeed. It's just not clear to me that a typical package in Debian will have fewer bugs than the same software downloaded straight from upstream. Celejar
