> The other issue is that of supportability and security. In order to get > into main, a package has to pass a security review by Pitti, and be > considered supportable, which means that upstream is sane, it's a > release for which upstream is likely to make clean security fixes > available without lots of backporting, etc. What is his take on this? Robert Stoffers