The package management lacks a bit if I'm not mistaken. Packages getting not well worked on. An example could be monit for instance.

"The package has not yet entered testing even though the 10-day delay is over."


"[2002-11-29] Accepted monit 1:3.0-1 (i386 source) "

Sure quite some time since last change ... v3.1 is out with bugs fixed, etc


This is just one example. Another one could be sendmail:

Testing Status:
"38 days old (needed 0 days) "

[2002-10-31] Accepted sendmail 8.12.6-8 (i386 source all)

And in the news there is
EMERGENCY should be an emergency shouldn't it ?

There are packages being worked on for mor then a year - 468 days was the highest number I saw.
But if you can't live without the package in question you got always a number of posibilities:
get it from an unofficial source
get it from unstable if it doesn't screw up your box
compile it from source

The problem with unstable is that it has other library dependecies which would require to run the whole system as unstable. The only solution I have here is compiling it myself ... not that I'm afraid to do so - especially for important packages like apache, etc. But then I ask myself what's the usability of an pretty outdated package management ?

The packet management is not outdated - some of the apps are.The debian guys put a biger emphasis on stable and secure apps.In unstable you got apps that you can't even get with distros like gentoo that always try to have the newest versions.
Of course it crashes real bad once in a while - like mine right now.
BTW:sendmail is in stable and monit is in testing and unstable.If you run testing it shouldn't be a problem to install both apps.

Well I meant the apps were outdated of course. And sendmail was just a packet were I didn't see any activity since 31th October 2002.

Don't get me wrong I like debian ... it's just a bit of setting me up seeing an app not really in a current version although it IS really stable - like Apache 2! I never heard anything about instabilty of it since apache.org officially uses it ...


What happens if a package maintainer just doesn't update a package any longer. What time range does need to get passed before a new maintainer will be looked for ?

I do not run TESTING. I run the STABLE version ... and for monit and others I'll probably just build them from source and build my own deb-package once I figured out all the stuff required to do so. Maybe you have some kind of quick & dirty howto ?

Looks like you'll be stuck with compiling from source for monit.On the other hand it doesn't look like it depends on other stuff from testing.
You might get away with just installing it from testing.

Okay I got a reply from the package maintainer right now:I did not come up with ANY problem and using it on another box (compiled from source) ... but oh well. I wonder what would happen if a package like postfix has a security whole. It's not part of the default install like exim, how much time would be required until the fixed package would be published ?

Probably within 48 hours like I read on the security page ?

I think they are pretty quick in putting out security patches for stable.Just make sure that you got security in your sources list.The libc6 issue could be anything - might not even affect your CPU architecture.
Just looked at it.Stuff like Sun this and that is not free holding up packages is the thing that reeaaally sucks about debian in my opinion.

It is in my apt.sources list ... so that shouldn't be the problem. I'm just also thinking about using postfix as MTA (default is exim) and I don't know about the user range using postfix and I do not want to risk a security hole in that box since it's a pretty important one ...

What do you mean with 'user range'?If you are talking about the people actually useing postfix I am sure the maintainer of the app uses it himself.You can get a lot of good debian specific info out of their user mailing list.It is pretty high volume though (bout 200+ mails a day for the english list).
If you subscribe there use the english list - got higher volume,better people and almost nobody get on your nerves about the line wrapping of your mails.Being a german myself I had to unsubscribe from the german list because half of the traffic there is generally about email formatting.

Lol that makes sense a mailing list about linux and with the focus on email formatting ... jesus!

Yeah meant the ppl who actually use it by user range ...

Have fun - I got to go and take care of my beef and beer now.Man doesn't live on Linux alone ;-)