On Mon, Feb 22, 2016 at 08:53:39PM +0100, Andreas Enge wrote: > Sorry, Chris, that I bothered you with the state of pumpa; I was so convinced > that you were the packager that I did not even check! I suppose that I have > read too many of your blog posts to planet gnu; whenever I hear "federation" > or "pumpsomething" now, I think of you. > > On Sun, Feb 21, 2016 at 09:42:43AM -0800, Christopher Allan Webber wrote: > > Leo Famulari writes: > > > Apparently QJson's master branch has supported Qt-5 for some time, so I > > > asked the maintainers if that is true, and if they plan to issue a new > > > release [0]. We could try packaging from git. > > > https://github.com/flavio/qjson/issues/49 > > Thanks for the initiative! > > > Sounds good. If they don't make a new release, I think packaging from > > git is the best option. > > I am not a big fan of packaging from non-release versions. Maybe you could > convince upstream that this is enough of an exciting change to make a release, > Leo? In the end, it is probably more interesting and important to get rid > of Qt-4 than to not package from git. But there are still other packages > requiring Qt-4. Maybe we should wait a bit until their number is more > reduced, > and then take a joint decision for the remaining ones.
I agree that packaging non-release versions is not ideal. We may trade one security issue for another, since non-release commits are usually not scrutinized as much by upstream. My plan is to wait a little bit to see if QJson takes action. Another option is to persuade the Pumpa upstream to stop using QJson.
