(extending the discussion to the ML of the Debian packaging team in
the Debian project. Sorry for the extensive quote)
Simo Sorce in samba|samba-technical:
> Dear users,
> I have uploaded the new 3.0.25a packages compiled for sarge.
> At the same time I have removed older 2.2.x and 3.0.x packages for
> Woody.
> Support for back porting packages to Woody was already discontinued, but
> older packages were still provided. As these packages were not updated
> after the recent security issues, I decided to remove them to avoid
> pushing people to use outdated and insecure packages with the believe
> they are ok because they are hosted on samba.org
> I am looking to see if I have time to start publishing packages for
> Etch, I am undecided yet, and I may discontinue this service. If someone
> is highly motivated and wants to give a hand, please contact me
> privately.
> Simo.
> --
> Simo Sorce
> Samba Team GPL Compliance Officer
> email: idra@samba.org
> http://samba.org
Simo, we already discussed this at SambaXP but why not try to merge
the efforts of the Debian packaging "team" for samba and
yours/upstream ones?
Of course, everybody knows about the policy in Debian to not update
software in stable. That policy means that we're stuck with 3.0.24 in
Etch (indeed, we're still working on an update to fix regressions
after the two already published security fixes....).
However, it does not prevent us to work on the backportability of the
packages we build for the next Debian release.
What would IMHO be pretty easy to do is:
- reduce the number of Debian "specific" patches we use in the Debian
packages. Ideally, down to 0...:-)
- check what specific changes you use yourself in the deb packages
published by the Samba Team and decide whether we can incorporate
them in the Debian packages. I suspect you indeed make as few
changes as possible, if any. After all, *you* are upstream
- keep Debian packages in unstable backportable to Etch (they are
right now)
All this should make both packaging styles to converge together and,
ideally, the DEB files published on samba.org could then be simple
backports of the packages in Debian unstable.
The major obstacle to this are the patches we use. Just after SambaXP,
I and Steve Langasek examined all of them and commented them. Several
are marked "forward upstream" so it's just a matter of time for us
to
recover from the recent security fixes/release hype (and the
associated bug reports mini-flood) and come back at you discussing
about these patches.
Side effect of this: the Ubuntu packages would also converge and that
would probably help providing up-to-dat packages for earlier Ubuntu
releases. Currently, the Ubuntu packages are essentially derived from
the Debian ones with no (IIRC) patch to source code.