hi, (this started as a discussion whether to update radare2 in (old)stable and has since then evolved into a discussion about the problem summarized well by Raphael.)
On Thu, Aug 29, 2019 at 01:48:14PM +0200, Raphael Hertzog wrote:
> On Thu, 29 Aug 2019, Moritz Mühlenhoff wrote:
> > The upstream link makes it sound as if they are one of those upstreams
> > which reject the idea of distributions shipping an older release to
> > a stable distro. For a tool like radare2 that seems fair enough, so
> > how about simply excluding it from stable releases (and retroactively
> > drop it from Buster/Stretch in the forthcoming point releases)?
>
> <pkg-security hat>
> While I have no problem in getting it out of stable release, it is
> important that we are able to provide backports so the package must
> stay in Debian testing.
> </pkg-security hat>
>
> <kali hat>
> Also radare2 is a package that we care about in Kali and we are based
> on Debian testing so we would prefer if it could continue to be there.
> </kali hat>
>
> In general, we (Debian) don't have a good answer to this problem and
> virtualbox is clearly a bad precedent. We really need to find a solution
> to this in concertation with the release managers.
so I've added them to this thread.
youtube-dl is in the same boat...
--
cheers,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
signature.asc
Description: PGP signature
