24 Mar 2020 |
andrewsh | The patched version of Twisted in Debian is 18.9.0-8, Ubuntu ships security fixes in 18.9.0-6ubuntu1; both include all necessary security fixes.
Twisted 20.3.0 is currently in Debian experimental and hopefully will be uploaded to unstable by the end of the week. | 12:26:37 |
andrewsh | Debian backports for Buster will see updated synapse and Twisted around the weekend when packages migrate to testing. | 12:26:50 |
jonas | andrewsh: it is an antipattern to use tightened dependencies to handle security updates! | 12:58:02 |
andrewsh | I don’t see why; it would be if I started requiring 20.3.0 for example | 12:58:54 |
jonas | please express _functional_ constraints with dependencies, and leave security updating to package management | 12:58:45 |
jonas | you are not alone in not seeing it: it is a(n anti)pattern | 13:00:32 |
andrewsh | well, I find this a functional constraint | 13:00:53 |
andrewsh | 🙂 | 13:01:00 |
| * jonas not really surprised by that type of response - was even considering not mentioning at all because of the expected reaction | 13:01:58 |
grin | jonas: we love you anyway, I can assure you. ❤︎ | 13:50:35 |
grin | It is probably not [always] trivial to convince another maintainer to release an update as a security update when it's not their security. | 13:51:27 |
grin | And some would actually complain if the deps weren't tight, anyway. EIther ways someone complains. (As a sidenote: tight deps make my life miserable as well, but I see why are they there.) | 13:52:29 |
grin | * And some would actually complain if the deps weren't tight, anyway. EIther ways someone complains. (As a sidenote: tight deps make my life miserable as well, but I see why are they there. [As I am sure you do as well, there weren't any implied message about you.]) | 13:52:51 |
grin | I bet someone would get angry if synapse would depend on any twisted but refused to start due to insecure lib.... 🙄 | 13:54:01 |
andrewsh | jonas: I appreciate your comments (I really do!) but I think in this case the benefit is there while the downsides are nearly nil | 17:22:01 |
andrewsh | and please do mention things like this next time 🙂 | 17:22:28 |
jonas | ok :-) | 17:57:18 |
25 Mar 2020 |
| @pythiap:matrix.org left the room. | 05:35:21 |
28 Mar 2020 |
@_neb_rssbot_=40hubert=3auhoreg.ca:matrix.org | Debian package news for matrix-synapse: Problems while searching for a new upstream version | 04:54:18 |
| Jörg Sommer set a profile picture. | 18:01:29 |
30 Mar 2020 |
@_neb_rssbot_=40hubert=3auhoreg.ca:matrix.org | Debian package news for matrix-synapse: matrix-synapse 1.12.0-1 MIGRATED to testing | 04:49:30 |
@_neb_rssbot_=40hubert=3auhoreg.ca:matrix.org | Debian package news for matrix-synapse: Accepted matrix-synapse 1.12.0-1~bpo10+1 (source) into buster-backports | 11:54:32 |
31 Mar 2020 |
| discmuc joined the room. | 10:17:58 |
| moht joined the room. | 12:06:39 |
| hkalbasi joined the room. | 23:06:38 |
| hkalbasi left the room. | 23:14:29 |
1 Apr 2020 |
| phaze joined the room. | 22:58:32 |
2 Apr 2020 |
| @heterochromia420:matrix.org changed their display name from Doppelganger Gil 🐧 to Gillian. | 17:22:57 |
| @heterochromia420:matrix.org changed their profile picture. | 17:23:10 |
| @heterochromia420:matrix.org changed their profile picture. | 17:23:17 |