On Mon, Aug 2, 2010 at 7:06 PM, Carl (CBM) cbm.wikipedia@gmail.com wrote:
I am not a Debian developer, and I agree that sending fixes upstream is good. But surely you're aware that the whole point of "Debian stable" is that it does ***not*** change to newer versions of programs after release, apart from security fixes?
Which means it doesn't get all security fixes either, because nobody announces vulnerabilities or publishes patches for unsupported MediaWiki versions. If a bug occurred only in an old version, it won't be announced. Distributions that try to pretend they can support software for years past the time the vendor stopped supporting it are probably crazy, but then, they're no more crazy than the users who ask for that behavior, and I don't think we're likely to change them.
From #wikimedia-tech a couple years ago:
080511 15:35:42 <Simetrical> mark, why Ubuntu? 080511 15:37:03 <mark> becuase that's what we use for all new servers? :) 080511 15:39:18 <Simetrical> mark, well, yes. What made you decide on Ubuntu? 080511 15:39:28 <mark> it's debian but with predictable release cycles
As for not upstreaming patches, probably the best bet there is for us to give up and just watch the major distro bug trackers ourselves, because I doubt we're going to get the distributors ever reporting anything to us consistently.
On Mon, Aug 2, 2010 at 7:17 PM, Edward Z. Yang ezyang@mit.edu wrote:
However, upstream developers are often guilty of ignoring a distribution's needs, so it goes both ways.
I spoke with the Fedora maintainer of MediaWiki some time ago pretty extensively about his hacks to MediaWiki, particularly the way he moved all files around without understanding what he was doing and completely broke the software. (Reportedly to the point that styles and scripts didn't work because he moved them out of the web root. Really. The Fedora wiki didn't use the Fedora MediaWiki package because it was so broken.) I suggested in some detail a better way to fix things, and offered to review any patches he wanted to submit upstream. He never submitted any. Oh well.
I'm thankful that the Debian MediaWiki package at least *works*. Not that the same can be said of all their packages either (OpenSSL, anyone?). Maybe if we provided .debs and RPMs, people would be less prone to use the distro packages.