[webkit-gtk] About the policy of (non) updating minimum build-dependencies

Carlos Alberto Lopez Perez clopez at igalia.com
Tue Aug 30 08:21:44 PDT 2016

On 22/07/16 05:00, Michael Catanzaro wrote:
> On Thu, 2016-07-21 at 22:04 +0200, Carlos Alberto Lopez Perez wrote:
>> Debian is already taking our updates: WebKitGTK+ 2.12 is available on
>> the backports repository for stable.
> This hardly counts. Users don't realize the only safe way to use WebKit
> is to enable the backports repository.... I gave some comments on
> Debian's policy at [1] (scroll down to the Debian heading) which is
> good enough for me, as I'm not a Debian developer.
> Regardless, you're right, I'm pretty sure your suggested policy is
> better than mine. I would tweak it slightly:
>  * We support each major Debian version until one year after the
> release of the next major version.
>  * We support each Ubuntu LTS until one year after the release of the
> next Ubuntu LTS.
> In practice, it means we don't depend on anything newer than about
> three years old, whereas with your original proposal it would be about
> two years. This makes it possible for distros to do security updates
> for while longer. Sound good?

If Debian releases a stable version at the same time than Ubuntu LTS,
then with my original proposal, it could happen that our policy would
allow to drop support for a version of some dependencies that was only
released 2-3 years ago.

The thing is that Ubuntu releases the LTS on even years, meanwhile
Debian (lately) does that in odd years. But meanwhile Ubuntu guarantees
a release date, Debian does not. So there is still a small risk of both
releasing on the same year.

So I think that your suggestion is reasonable. It ensures that the
minimum age of any dependency will be at least 3 years, and that
developers using webkitgtk+ will have at least one year to upgrade to
the next version of their distro.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 883 bytes
Desc: OpenPGP digital signature
URL: <https://lists.webkit.org/pipermail/webkit-gtk/attachments/20160830/f876e81a/attachment.sig>

More information about the webkit-gtk mailing list