Bringing Mercurial (hg) into main

Daniel Chen seven.steps at
Wed Nov 11 20:01:50 GMT 2009

On Wed, Nov 11, 2009 at 2:14 PM, Alexander Konovalenko
<alexkon at> wrote:
> I'm not sure I understand the question. Are you asking whether I'm
> ready to maintain mercurial in universe security-wise? I'm not sure
> what that involves either. Is it enough to request a sync from Debian
> in Launchpad when a vulnerability is discovered and someone else will
> quickly handle it? Or should I prepare, test and upload a package with
> a fix?

You (personally) don't need to "maintain" mercurial in Ubuntu -- those
sorts of efforts are better directed working within Debian's Python
Applications Packaging Team[0] -- unless you have a strong desire to.

That said, for stable and supported Ubuntu releases, the general
practice has been to backport fixes to the existing releases' source
packages. Familiarity with Debian packaging is a boon.

There are several members of Ubuntu MOTU who are happy to work with
you in keeping abreast of mercurial security errata if you're willing
to be vigilant. As always, it's a manpower issue.



More information about the ubuntu-devel mailing list