On Sun, May 22, 2005 at 02:08:48PM +0200, Alexander Sack wrote: > > The question is, how can we be proactive about identifying the classes of > > changes that do or don't break these packages, so that mozilla can be > > checked for compatibility at the time of upload instead of having kazehakase > > and enigmail update their conflicts: after the fact?
> Hi Steve, > I think the only way to tell this is to introspect the diff from 1.7.7 to > 1.7.8. Yes; question is, what are people supposed to look for? :) > So what about enigmail? I can prepare a rebuild today? But how can we adjust > the > depends in such a way that we can upload a fixed mozilla (given that we > validated changes for incompatibility) the next time without having to care > for > enigmail and kazehakase too? At this point, I don't believe there is a way to upload enigmail that will avoid having to do another upload again for mozilla 1.7.9... This is a question for long-term strategizing of mozilla maintenance, not something that I expect to solve the problems for sarge. :) > I would suggest that I relax the dependency for enigmail on mozilla (and on > thunderbird) so it matches all 1.7.x (1.0.x) versions? Of course, we would > have > to agree that the mozilla maintainer will check and maybe discuss the patch > applied before uploading a security-fix the next time. Unfortunately, I'm not confident that it's safe to relax enigmail's dependency this much, either. This is the problem with having dependent packages conflict with future versions, instead of having the dependency package (here, mozilla) declare an interface that the other packages can depend on. So I think the best we can do here is mozilla-enigmail Depends: mozilla-mailnews (>= 2:1.7.7), mozilla-mailnews (<< 2:1.7.8.0). Also, it looks like we again don't have all mozilla locale packages updated for 1.7.8, and mozilla-locale-de-at will also have to be bounced from testing to get the security fix in. :/ -- Steve Langasek postmodern programmer
signature.asc
Description: Digital signature
