[Pkg-zope-developers] Re: Zope 2.7 and Plone 2 status

Damien Genet damien.genet@free.fr
Thu, 02 Sep 2004 15:25:24 +0200 

Hi,


Sory for the delay, I'm not dead, only incredibly busy...

Le mer 11/08/2004 =E0 07:29, Andreas Tille a =E9crit :
> On Sat, 17 Jul 2004, Damien Genet wrote:
>=20
> > Le jeu 15/07/2004 =E0 23:36, Andreas Tille a =E9crit :
> > > Could you please be a little bit more verbose *which* zope product
> > > is so outdated.  "Every" means "*" or whatever.
> >
> > Here are some raw statistics I collected :
> >
> > package name			deb ver.	upstream ver.	report
> > ------------			--------	-------------	------
> > zope-btreefolder2		0.5.0		1.0.1
> :-((
> > zope-cmf			1.3.3		1.4.5		http://bugs.debian.org/cgi-bin/bugreport.cgi?b=
ug=3D194865
> > zope-cmfcalendar		1.3.3		1.4.5
> > zope-cmfcore			1.3.3		1.4.5
> > zope-cmfdefault			1.3.3		1.4.5
> For the CMF issue there are certain technical reasons if I'm not complete=
ly wrong
> which seem to make it a sane decision not to upgrade to a new version bef=
ore Sarge
> releases because it would destabilize a certain amount of stuff.  Alterna=
tively
> we would need a hand full of full time Debian-Zope packagers.  Anyone wil=
ling to
> pay for those people?

Unfortunately cmf and plone are also the most known and visible Zope
products.
At least from the reverse dependencies only a few packages depends on
them, so I'm not sure I see what they could destabilize.

Of course as sarge is supposed to be released this month, I agree that
updating them is too late now. Wich also means that considering the
frenquency at wich Debian releases new versions, the plone and cmf
versions shipped in Debian stable will quickly become obsolete and not
really usefull.

> > zope-docfindereverywhere	0.4.1		0.5.0
> A new version was sponsored by me but it will take some time until it wil=
l
> be propagated to the Debian mirrors because there was a name change to do=
cfindertab
> which requires updates of the override file and I guess ftpadmins have a =
lot
> to do in these days.  SO I doubt that this new version will reach Sarge.
>=20
> > zope-epoz			0.7.4		0.8.0
> Latest version even 0.8.4 currently, but there are flaws with this produc=
t
> I try to sort out which prevent me from uploading a new version for the
> time beeing.
>=20
> > zope-externaleditor		0.7		0.8
> I recently sponsored an upload of the maintainer.
> > zope-extfile			1.2.0		1.4.2
> Done.
>=20
> > zope-kinterbasdbda		1.0		2.0
> :-((
> > zope-ldapuserfolder		2.2		2.3
> :-(
> This package is known to be a little bit tricky and needs certain testing
> if I'm not wrong here.
> > zope-localizer			1.0.1		1.1.0a3
> :-(
> > zope-parsedxml			1.3.1		1.4
> :-(
> > zope-replacesupport		1.0.1		1.0.2
> :-(
> > zope-testcase			0.8.6		0.9.0
> Done.
> > zope-textindexng2		2.0.7		2.0.8
> Done.

There have been quite some packages updated since my bug reports
(certainly more than those you quoted). I'm glad about this.

> > zope-translationservice		0.3		0.4		http://bugs.debian.org/cgi-bin/bugre=
port.cgi?bug=3D235057
> :-(
> > zope-ttwtype			0.9.1		1.0rc2
> Where did you got that from.  The site
>     http://www.zope.org/Members/comlounge/TTWType/
> not state this.

Collective iirc.

> > zope-verbosesecurity		0.5		0.6
> :-(
> > zope-zms			2.1.2.7		2.2-beta
> I will definitely not package beta versions of software I'm using in prod=
uction.
> I'm in very strong contact to upstream and they suggested me to package e=
xactly
> this version.

This was the version advertised on their website instead of the stable
one. I also found it suspicious, so I didn't issue a bug report about
this.

> > zope-zwiki			0.18.0		0.32.0		http://bugs.debian.org/cgi-bin/bugreport.c=
gi?bug=3D253577
> :-((
> Well this package is mainly unmaintained.  Some weeks ago I was thinking =
about
> a NMU of this package but I was not really convinced we really need YAW (=
Yet Another
> Wiki).  Feel free to file a request for removal to ftpmaster if you are v=
ery
> bored by this outdatedness.

What do you mean by Yet Another Wiki ? But I'm certainly not suggesting
to remove it either :).
Btw, latest version doesn't work with zope 2.6 without a patch, as do
more and more products...

> > zope2.7				2.7.0		2.7.1
> There were rumors about an 2.7.2 upload - I did not had time to check.

Yes, in fact it was already uploaded when you wrote this email, iirc.


> Well, I will not spend my time in verifying your statistics here but I tr=
ied to
> give reasons were I know the reasons and marked the entries with ":-(" wh=
ere
> I think it is not gould but might be no real problem and with ":-((" wher=
e I
> see a real problem.  It reduces to three ":-((" real problems which is no=
t as
> bad as you stated.

Well, even minor version could means than the latest debian package was
year(s) behind upstream. This gave me the rather bad feeling that zope
debian packages were not really maintained anymore.

> > This may sound a bit too hard, but isn't it the maintainer work to keep
> > in touch with upstream ?
> Sure.  The consequence would be that I would immediately orphan all my Zo=
pe
> packages because I have neither an interest in the latest and greatest ve=
rsion
> (hey - my application runs with exactly these versions I packaged) nor th=
e time
> to verify changes on these web pages very frequently.  This fits to the c=
urrent
> discussion of having watch files for every Debian package.  My position h=
ere
> is that I always accept patches with working watch files for my packages,=
 but
> I will not fiddle around with sometimes very strange versioning schemes o=
f
> upstream authors.

I undestand your preocupation, and I would certainly not want you to
resign.

> If you think my point of view is wrong I will orphan these packages but I=
 doubt
> that this would lead to more frequent updates and thus would not really c=
hange
> the situation you are critizising.  To make it clear: I just understand y=
our
> point of view that the situation should be enhanced but I see no way how =
to
> do this.  BTW, I really appreciate your work in keeping an eye on this pr=
oblem
> which might be a partly solution for the problem mentioned above.

I certainly didn't want to sound harsh nor offensive, but I thought that
underlining the matter may be of some usefullness. For instance we (at
our - tiny - company) have stopped using prepackaged debian products for
some time now. Wich is certainly not a problem for us, not even an
annoyance, but simply this reflect problems wich I would prefer not
being present in Debian, with all the respect I have to it.

As you can see with the high latency I need to respond emails, I'm not
really able to be helpfull either. Therefore I'm certenly not throwing
the stone to anyone.
Only if you find it of some help, I can continue to issue bugreports
from time to time, but unfortunately this is the most I can do atm.


Regards,

--=20
Dam