Bringing Mercurial (hg) into main
seven.steps at gmail.com
Wed Nov 11 20:01:50 GMT 2009
On Wed, Nov 11, 2009 at 2:14 PM, Alexander Konovalenko
<alexkon at gmail.com> wrote:
> I'm not sure I understand the question. Are you asking whether I'm
> ready to maintain mercurial in universe security-wise? I'm not sure
> what that involves either. Is it enough to request a sync from Debian
> in Launchpad when a vulnerability is discovered and someone else will
> quickly handle it? Or should I prepare, test and upload a package with
> a fix?
You (personally) don't need to "maintain" mercurial in Ubuntu -- those
sorts of efforts are better directed working within Debian's Python
Applications Packaging Team -- unless you have a strong desire to.
That said, for stable and supported Ubuntu releases, the general
practice has been to backport fixes to the existing releases' source
packages. Familiarity with Debian packaging is a boon.
There are several members of Ubuntu MOTU who are happy to work with
you in keeping abreast of mercurial security errata if you're willing
to be vigilant. As always, it's a manpower issue.
More information about the ubuntu-devel