| 24 Mar 2020 |
 andrewsh | The patched version of Twisted in Debian is 18.9.0-8, Ubuntu ships security fixes in 18.9.0-6ubuntu1; both include all necessary security fixes.
Twisted 20.3.0 is currently in Debian experimental and hopefully will be uploaded to unstable by the end of the week. | 12:26:37 |
| andrewsh | Debian backports for Buster will see updated synapse and Twisted around the weekend when packages migrate to testing. | 12:26:50 |
 jonas | andrewsh: it is an antipattern to use tightened dependencies to handle security updates! | 12:58:02 |
| andrewsh | I don’t see why; it would be if I started requiring 20.3.0 for example | 12:58:54 |
| jonas | please express _functional_ constraints with dependencies, and leave security updating to package management | 12:58:45 |
| jonas | you are not alone in not seeing it: it is a(n anti)pattern | 13:00:32 |
| andrewsh | well, I find this a functional constraint | 13:00:53 |
| andrewsh | 🙂 | 13:01:00 |
| * jonas not really surprised by that type of response - was even considering not mentioning at all because of the expected reaction | 13:01:58 |
 grin | jonas: we love you anyway, I can assure you. ❤︎ | 13:50:35 |
| grin | It is probably not [always] trivial to convince another maintainer to release an update as a security update when it's not their security. | 13:51:27 |
| grin | And some would actually complain if the deps weren't tight, anyway. EIther ways someone complains. (As a sidenote: tight deps make my life miserable as well, but I see why are they there.) | 13:52:29 |
| grin | * And some would actually complain if the deps weren't tight, anyway. EIther ways someone complains. (As a sidenote: tight deps make my life miserable as well, but I see why are they there. [As I am sure you do as well, there weren't any implied message about you.]) | 13:52:51 |
| grin | I bet someone would get angry if synapse would depend on any twisted but refused to start due to insecure lib.... 🙄 | 13:54:01 |
| andrewsh | jonas: I appreciate your comments (I really do!) but I think in this case the benefit is there while the downsides are nearly nil | 17:22:01 |
| andrewsh | and please do mention things like this next time 🙂 | 17:22:28 |
| jonas | ok :-) | 17:57:18 |
| 25 Mar 2020 |
|  @pythiap:matrix.org left the room. | 05:35:21 |
| 28 Mar 2020 |
 @_neb_rssbot_=40hubert=3auhoreg.ca:matrix.org | Debian package news for matrix-synapse:
Problems while searching for a new upstream version | 04:54:18 |
|  Jörg Sommer set a profile picture. | 18:01:29 |
| 30 Mar 2020 |
| @_neb_rssbot_=40hubert=3auhoreg.ca:matrix.org | Debian package news for matrix-synapse:
matrix-synapse 1.12.0-1 MIGRATED to testing | 04:49:30 |
| @_neb_rssbot_=40hubert=3auhoreg.ca:matrix.org | Debian package news for matrix-synapse:
Accepted matrix-synapse 1.12.0-1~bpo10+1 (source) into buster-backports | 11:54:32 |
| 31 Mar 2020 |
|  discmuc joined the room. | 10:17:58 |
|  moht joined the room. | 12:06:39 |
|  hkalbasi joined the room. | 23:06:38 |
| hkalbasi left the room. | 23:14:29 |
| 1 Apr 2020 |
|  phaze joined the room. | 22:58:32 |
| 2 Apr 2020 |
|  @heterochromia420:matrix.org changed their display name from Doppelganger Gil 🐧 to Gillian. | 17:22:57 |
| @heterochromia420:matrix.org changed their profile picture. | 17:23:10 |
| @heterochromia420:matrix.org changed their profile picture. | 17:23:17 |
