Den mån 18 okt. 2021 kl 03:57 skrev Nathan Hartman <hartman.nat...@gmail.com >:
> On Sun, Oct 17, 2021 at 12:38 PM Mark Phippard <markp...@gmail.com> wrote: > >> On Sun, Oct 17, 2021 at 11:01 AM Nathan Hartman >> <hartman.nat...@gmail.com> wrote: >> > >> > On Sat, Oct 16, 2021 at 9:25 AM Mark Phippard <markp...@gmail.com> >> wrote: >> > > >> > > In terms of the policy, I think it should be that our latest LTS >> > > release must be available. If they have other packages available that >> > > is fine but the latest LTS must be one of them. In terms of the types >> > > of exceptions I could envision, perhaps we will discover it is really >> > > difficult to package the latest LTS for certain older distros and so >> > > they need to provide an older version. I would be OK with an exception >> > > like this but I would prefer to have the packagers raise it to us. >> > > >> > > Mark >> > >> > >> > I'm not opposed to this, but it might be a little tricky for OS >> > distros that freeze package versions. Debian for example. I haven't >> > checked what the current stable (bullseye) has, but I'm still on the >> > oldstable (buster) which supplies 1.10.x. I'm running a recent trunk >> > build though, heh heh :-) >> > >> > I'm not proposing an exception (and I'm not a packager); rather I'm >> > suggesting to consider a package compliant as long as it was a >> > supported LTS release at the time of the packager's version freeze >> > and security issues continue to be patched. >> >> My feeling is that our policy should focus on the situation where we >> are linking to an external website where the user downloads some >> package from them. For the Linux/BSD distros, and even Homebrew and >> MacPorts on MacOS, we are just telling the user that these package >> managers offer Subversion and maybe we list the commands to run in >> order to install the package. I do not think we need to police the >> version as heavily in this case. Especially with the Linux distros >> since they selectively backport patches so their version never >> perfectly matches ours and the distro provides support for their >> packages. > > > +1 > +1 > That said, the only problematic links on our current page are the ones >> from CollabNet and WanDisco. I have not verified WanDisco I am just >> taking the word of the people in this thread. Given that both of these >> were vendors trying to sell support and requiring registration to even >> get the download, I think we should just remove all of those links. If >> either of them ask to be put back we can tell them the requirement is >> that they offer the latest LTS version. > > > Would it make sense to give them a heads up before removing the links in > case they would like to release newer packages and remain on the list? > Yes, if we have any contact channels (I'm not sure about sending to an anonymous info address) and as long as it doesn't violate ASF vendor neutrality. It is about caring for the ecosystem. Nathan, can you do this with the PMC chair hat? Kind regards, Daniel
