tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: pkgsrc/www/firefox

On Fri, Sep 20, 2013 at 09:59:37PM +0900, Izumi Tsutsui wrote:
> > > Updating leaf package should be approved in advance?
> > > I have never heard such rule for frozen pkgsrc.
> > 
> > Well, we encourage people to ask in advance in general - and I would
> > have expected some mail before updating an important package like
> > this, 5 days into a freeze.
> Your claim seems completely invalid and just discourages developers.
> Such expection will never work without rules.

I apologise then - it certainly wasn't intended that way.

But... rules - I disagree with that.

The trouble with updating packages is that each one is different. 
Some fall into obvious categories, others are not quite as clear-cut. 
And we've always struggled for a way to specify things clearly. 
What's obvious from this firefox update is that we haven't succeeded. 
It's also the reason we ask developers to use their judgement - if
it's going to impact others, then please ask, or let people know in
advance. I'm sure you'll agree that the fewer surprises we get, the
> - no definition of "important packages like this"

if you disagree that firefox is an important package, then I don't
know what I can do to find common ground.  If you think that a
definition is needed, then we could probably do these (and to a
certain extent, dholland has done some of that with the common
packages he specifies, but, again, most people will disagree on

> - firefox adopts the fast release cycle and the release date had been
>   scheduled so sometimes it couldn't happen before freeze

indeed, and it's good to get things like that in. But maybe we shouldn't
put all of our eggs in one basket - do we have room for a firefox and a
firefox-stable package? or a firefox-newest, or firefox-devel?

> - firefox 24 includes many security fixes

which is good, yes

> - no security fixes will be provided for the older versions and
>   most users want a new and fixed version rather than
>   obsolete one with known security problems

what's firefox's expectations from their userbase about updating?
It's not like chrome, which has an automatic update builtin, so they
must take care of the installed base.

> - many other package systems also allow "major" upgrade of firefox
>   even on "stable" branches

I can't speak for other packaging systems, and neither do I want to
cause work for developers. AT the same time, I don't think it's too
much to ask for advance warning of intended upgrades.

> - ryoon@ is almost the only active developer working on www/firefox

Yes, which is why, when you said above about discouraging people, I
got worried. I certainly hope I haven't really done that?
> > I see the leaf/non-leaf part is guidance, not a hard
> > and fast rule.
> Then you should provide written rules.
> (probably pkgsrc also needs package Tier-ing like NetBSD ports)

I know the joyent people have up to date information about downloaded
binary packages, and we should be able to get the same from Minix3 too.
The pkgsurvey results are around for anyone to analyse if they want, too.

But I believe that anything beyond that is a matter for personal taste,
use case, work requirements, developer history, even matters of previous
dealings with authors, etc.


Home | Main Index | Thread Index | Old Index