On 26.11.2007 09:54, Patrice Dumas wrote:
On Mon, Nov 26, 2007 at 06:40:26AM +0100, Thorsten Leemhuis wrote:
> If there are no other way around that, yes, then it IMHO is allowed, if
> you make sure other packages that depend on your ABI get updated/rebuild
> the same time. Ohh, and sending out a "heads up" to users and developers
> beforehand and when the update actually hits the proper repos as well
> would be good.
This seems to be a bit dangerous, in case a new version of the dependent
software or library is needed for th enew API. Otherwise said this could
lead to a forced update of the other packages that depend on that
library. This seems to me to be quite problematic, and not something we
should do.
Sure it's dangerous and problematic -- but it's IMHO still way better
then to not ship a package just for hypothetical situation where a major
update might be the only way forward if a security issues comes up.
Besides: if we want to update for non-security reasons we can provide
compat packages as well, which should solve parts of the problem.
CU
knurd