Tomboy for FC6 not being updated... why?

Ralf Corsepius rc040203 at freenet.de
Fri Jul 13 06:24:38 UTC 2007


On Thu, 2007-07-12 at 13:31 -0400, Christopher Aillon wrote:
> Ralf Corsepius wrote:
> > On Thu, 2007-07-12 at 09:52 -0400, Jesse Keating wrote:
> >> On Thursday 12 July 2007 09:43:08 Jon Ciesla wrote:
> >> > My understanding was that updates, both security-related and
> >> > non-security-related would continue for F-N until F-N+1 was released.  At
> >> > that point, F-N would join F-N-1 in a security-only mode until EOL.
> >> > People expect churn on Fedora, so stay on the bleeding edge (not so
> >> > bleeding as rawhide, mind you). Is that not correct?
> >> 
> >> Well, since the old end of life was F-N+2 Test2, we talked about making /that/ 
> >> the security only point and the no new packages point.
> > Well, IMO, Fedora's purpose should be "stable while following upstream
> > without API/ABI breakages of existing packages". 
> 
> But we also practice don't fix what isn't broken.
Well, ... the crucial point about this is the definition of
"brokenness".

In practice, many packages contain many (mostly unknown) tiny bugs,
which only hit (and limit a package's usability) on occasion. In most
cases, they are gradually being addressed/fixed by upstream and/or a
package's Fedora maintainer.

The point we are discussing here is: When and how to propagate these
fixes to current users? 

A responsibly acting maintainer will balance between tradeoffs.
In some cases (seemingly most of mine) pushing updates immediately is
possible, in some cases, other issues will outweigh a bugfix.

As a user, to me, the nagging cases however are those Fedora maintainers
who claim to have fixed bugs "rawhide"/"upstream", even in obvious
cases, without having released new packages. 
To put it bluntly, I consider these maintainers to be acting grossly
negligent and them to be harmful to Fedora.

>   This is one of the 
> reasons we don't force mass rebuilds of all packages for each release: 
> packages are a known quantity and changing them might fix some bugs but 
> break other things.  I get this in Firefox updates all the time, and 
> those _are_ security fixes.  I'd bet other packages do as well.

This doesn't apply to the packages I maintain. For them, it's primarily
"upstream finds+fixes bugs", no Fedora user has ever reported and fixes
them as part of their on-going upstream development flow (in many cases
in "very simple and obvious" manners).

> If someone files a bug which happens to be fixed in the latest stable 
> upstream, feel free to take the version bump if you think it's right.
Right, IMO, "Trying to fix what's known to be broken ASAP" should be the
default policy, but maintainers acting responsibly also should be taken
for granted. 

> But don't simply assume that users are seeing the bug when the version 
> bump can introduce more problems than it fixes (how many times have we 
> seen various upstreams make a release only to follow it up with a new 
> release the next day to correct "serious problems"?
Right, but .. judging upon upstream development and letting upstream
work flow back into Fedora in reasonable manners should be a package's
maintainer's task and responsibility.

Changing the workflow in such a way that "Fedora should receive security
updates only" would be silly, IMO.

>   updates-testing 
> helps here, but that assumes that users of your package use 
> updates-testing which we cannot guarantee).
My opinion on "testing" probably is known ;)

Ralf





More information about the fedora-devel-list mailing list