scim and sacro-saint update policy

Hi,
I've been hoping for somebodyto  inform devs instead of me but it seems 
I'll have to do it myself.

Here is a copy of a post in 
http://www.ubuntuforums.org/showthread.php?t=76985

    /Don't know what you think, but in the case of a package as broken
    as scim, the developper could rethink their "only updates are for
    security issues" policy. /
    /Since the scim provided by breezy is not just malfunctionning but
    **really** cause big trouble issues with other (sometime criticall
    for *security*) packages, they might consider it as a security matter./

    /Not to say that most people using breezy with scim installed will
    not be able to guess their problems comes from scim and will just
    judge breezy unstabe and bugged, filling bug reports, complaints,
    shouts and thus distracting them from better issues.../

    /*If you know who could listen to this explanation amid ubuntu devs,
    please forward this post or let me know. */
    /I had to install breezy again on another partition thinking ubuntu
    was as bad as windows NoUpdatesFormatB4(tm) before realising it all
    came from scim./

    /Thanks. Hope it will help somebody./


I know there's a sacro-saint rule for ubuntu-dev that says "no updates 
ubless there's a security issue". And I know ubuntu devs are aware of 
this problem and already decided they wouldn't update scim packages (if 
you do a quick search in the forums, you'll find other threads like this 
one).
However, anybody that would have the default scim packages installed is 
face to *serious* security issues. Not the kind of "buffer overflow" 
threats, but you'll reckon an application that makes half the criticall 
software useless (going from slowliness to pure crash) *might be*  an 
issue more criticall than a buffer overflow problem in firefox.
Why updating a package because you have a 1/100000 chance to get hacked 
and then a 1/100 to lose precious data and refuse to update one that has 
a 100% chance to make your system broken, forcing you to format 
everything, lose your time-costy configuration and let you the 
impression that Ubuntu is like windows, that is an os that has to be 
reinstalled every 6 month?
Most people that where using scim upgrade from Hoary to Breezy to find a 
system that has become useless. Just for *one* little package. And no, 
it's not easy to detect wich app is the root of your problem. Especially 
if for that you have to admit the idea that ubuntu devs give you 
packages they know are broken, even on a clean install of Breezy.
We'll have saved a lot of posts, that is we'll have saved *you* a lot of 
time (lots of people complaning the speed drop in breezy have a certain 
app installed. Guess wich app? And the ones complaining program **** 
doesn't work whereas they're working for you? Just ask them if they use 
scim...) by just *deleting* the broken packages.
I understand the maintainers might have no time to redo scim for Breezy. 
But then, just delete the packages and point to 
http://svn.ubuntu.org.cn/ubuntu-cn/d...n/binary-i386/ 
<http://svn.ubuntu.org.cn/ubuntu-cn/dists/breezy/main/binary-i386/>
Or if a legal issue prevents this, just delete the broken scim packages. 
At least, people will have a nice breezy wich they can use to dl the 
working scim packages.

I don't mean to offend anyone. And if there's any mystic reason why we 
have to keep security threats in Breezy, at least please let me know 
them... :)

Oh, and by the way, any reason not to include the last xorg drivers for 
wacom in dapper? 6.8 and 7.0 have been out for long (at least for 6.8) 
and they both support Intuos 3 perfectly (7.0 works without 
recompilation, even though the linuxwacom mini howto say you have to 
compile them, wich is another useless pain)? (If nobody answer this one, 
don't worry. I'll  just make another post :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ubuntu.com/archives/ubuntu-devel/attachments/20051108/4c0a5c17/attachment.htm