Calligra stable releases not in Debian stable Jessi

[Nicolás Alvarez]

2016-09-30 6:31 GMT-03:00 Jaroslaw Staniek <staniek at kde.org>:
>
> Dear Debian contributors,
> I am maintainer of Kexi, one of Calligra apps.
> I've just noticed that in Debian stable Jessi the recent Calligra is 2.8.5
> which is 13 releases old. There are no updates to 2.8.7, and zero updates to
> 2.9.*.
>
> 2.8.5 is a July 2014 version. Due to security and stability issues it may be
> even better *not* to have this version released at all than receiving
> reports and users thinking that's the most recent version (this is my own
> opinion).
>
> When users run, say, a Raspberry, they see that old and unsupported (by us)
> version. So here Jessi distributes this unstable software despite many
> updates being available. I don't see the same issue with MySQL for example,
> which was updated just this month. Maybe a man power issue?
>
> I have questions then:
> - what happens?
> - what can be done to fix the situation?
> - how to coordinate better?
>

Jessie is frozen, I doubt Kexi 2.9 will ever be in 'jessie'. I don't
see how MySQL is different, the latest version from upstream is
5.7.15, Jessie has 5.5.52, it was upgraded from 5.5.50 because of a
specific security fix.

See this for the criteria to get an update in stable:
https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable

Can you mention specific security bugs that 2.8.5 has? That could
justify bringing 2.8.7 in (or backporting the security fixes).

And maybe 2.9 could be in the 'jessie-backports' repository. But I
wouldn't expect it in 'jessie'.


Of course, this is in addition to the possible lack of manpower to do
such packaging :)

-- 
Nicolás