Hi, On Thu, Aug 03, 2023 at 01:28:44AM +0200, Tom Payne wrote: > I, and chezmoi's users, would love for chezmoi to be included in Debian. > There's an existing Debian bug for this > <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012721>, and an existing > issue in the chezmoi repo <https://github.com/twpayne/chezmoi/issues/2130>.
As per the Bug report, Ryan is working on it so I've kept them in CC. > What is tricky is that chezmoi has regular releases > <https://www.chezmoi.io/reference/release-history/> (roughly, a minor > version every two weeks), including fixing security problems Are security problems relatively frequent? If so, do note that the debian release cycle may have quirks with the same. Debian is released once in ~2 years and the stable version needs support for ~3 years. Except for very urgent cases, packages are not updated in stable. If a security bug hits the version in stable, do you find it a possibility to support backporting security patches? > and updating > dependencies, that make it effectively impossible for Debian packaging to > follow. Are _major_ version changes in the dependencies a frequent occurence? > Would you consider accepting chezmoi as a vendored package, as happened > with Kubernetes > <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971515#172>? I find it unlikely but I think a mix of vendored libs and system packages can make it work. Many packages follow similar methods. Best, Nilesh
signature.asc
Description: PGP signature
