On Mon, Aug 2, 2010 at 7:35 PM, Ryan Lane rlane32@gmail.com wrote:
Are they also backporting security fixes for all extensions as well?
I would assume that Debian, ideally, applies security patches for extensions they distribute themselves. Programs a user has installed outside the Debian system are always going to be the responsibility of the user.
Of course, if Debian upgraded their "stable" version of Mediawiki to the newest version, and my production server was running a custom extension that only worked with the previous version of Mediawiki that Debian called "stable", I'd be pissed.
If Debian doesn't feel they should keep supported versions in their repos, maybe they shouldn't distribute MediaWiki.
That is, seriously, an absurd attitude for a Mediawiki Developer to have. It reflects a fundamental misunderstanding of the meaning of Debian's "stable version" system.
Note that Debian stood up to Mozilla corp. when Mozilla attempted to stop Debian uploading security patches to stable versions [1]. Surely Mediawiki would have much less persuasive power telling them to stop.
I'm exiting of this discussion at this point. I've made the point I wanted to make, compelling or not, and I'm afraid I'm drifting off topic.
- Carl
[1]: http://en.wikipedia.org/wiki/Mozilla_Corporation_software_rebranded_by_the_D...