On 10/01/2017 11:50 PM, Matthias Klose wrote: > On 01.10.2017 21:33, Thomas Goirand wrote: >> On 10/01/2017 09:47 AM, Ghislain Vaillant wrote: >>> Besides, rrom an end-user perspective, I can't picture anyone preferring >>> the (potentially lagging) packaged version over more official means like >>> the Jetbrains app or the snap package, both of which have been good at >>> keeping up with updates. >> >> I definitively prefer a Debian package in main, even if it is "lagging >> behind" as you said. For such a thing as an IDE, I expect it to be >> mature enough so that the older version is enough for the everyday use. >> And I would feel safer than using any random snap package. Who knows >> what security issue is in there and what security policy and procedure >> (if any) is in place. > > who says that a "lagging behind" package doesn't have any security issues? If > the package is lagging behind, how do you know that security updates aren't > lagging behind either...
As this is Debian, I do expect that at least, I can read the security tracker to see the current status. For a snap package, I wouldn't know how to audit it. > Do you want point users to the five year lagging behind eclipse package in > Debian? Why 5 years? We do release stable approx every 2.5 years... Cheers, Thomas Goirand (zigo)
