<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
 <HEAD>
   <TITLE> [Mageia-dev] Update of backport, policy proposal
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Update%20of%20backport%2C%20policy%20proposal&In-Reply-To=%3C4E04F64E.4080304%40laposte.net%3E">
   <META NAME="robots" CONTENT="index,nofollow">
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="005992.html">
   <LINK REL="Next"  HREF="006001.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[Mageia-dev] Update of backport, policy proposal</H1>
    <B>andre999</B> 
    <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Update%20of%20backport%2C%20policy%20proposal&In-Reply-To=%3C4E04F64E.4080304%40laposte.net%3E"
       TITLE="[Mageia-dev] Update of backport, policy proposal">andr55 at laposte.net
       </A><BR>
    <I>Fri Jun 24 22:40:46 CEST 2011</I>
    <P><UL>
        <LI>Previous message: <A HREF="005992.html">[Mageia-dev] Update of backport, policy proposal
</A></li>
        <LI>Next message: <A HREF="006001.html">[Mageia-dev] Update of backport, policy proposal
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#6000">[ date ]</a>
              <a href="thread.html#6000">[ thread ]</a>
              <a href="subject.html#6000">[ subject ]</a>
              <a href="author.html#6000">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--beginarticle-->
<PRE>Michael Scherer wrote:
&gt;<i>
</I>&gt;<i> Hi,
</I>&gt;<i>
</I>&gt;<i> The last mail from the backport trilogy. And like all good trilogies,
</I>&gt;<i> that's where the suspense is present ( as for the 1 and 2 part, you know
</I>&gt;<i> there is another episode )
</I>&gt;<i>
</I>&gt;<i> This mail is about handling update on the backport repository. Either
</I>&gt;<i> new version, or bugfix, or security upgrade.
</I>&gt;<i>
</I>&gt;<i> Everybody was focused on &quot;should we do patch, or should we do more
</I>&gt;<i> backport&quot; issue, but the real problem is not really here.
</I>&gt;<i>
</I>&gt;<i> First, we have to decide what kind of update do we want to see, among
</I>&gt;<i> the 3 types :
</I>&gt;<i> - bugfixes
</I>&gt;<i> - security bug fixes,
</I>&gt;<i> - new version
</I>&gt;<i>
</I>&gt;<i> Then as we want to have working backports, I think we need to do test,
</I>&gt;<i> like we do for normal backports, or updates. This means someone needs to
</I>&gt;<i> test, besides the packagers.
</I>&gt;<i>
</I>&gt;<i> For the first one, we can assume that if there is a bug, someone will
</I>&gt;<i> file it. Then we can assign it to the one that backported to fix the
</I>&gt;<i> packages, and ask the reporter to test.
</I>&gt;<i>
</I>&gt;<i>
</I>&gt;<i> For the 3rd one, I guess we can use the same as 1st one. If no one asks,
</I>&gt;<i> do nothing. If someone asks, do the same as other backports, and erase
</I>&gt;<i> the previous one.
</I>&gt;<i>
</I>&gt;<i>
</I>&gt;<i> For the 2nd one, it all depends on how we find out about security issues.
</I>&gt;<i> A tool like the one used by debian/ubuntu that checks for each package if
</I>&gt;<i> the version is vulnerable or not could help packagers to know if a
</I>&gt;<i> backport requires a fix or not, like this is done for the other
</I>&gt;<i> packages. However, this means that someone will have to check if the bug
</I>&gt;<i> is fixed, and the question is &quot;who&quot; ( and I do not have an answer that I
</I>&gt;<i> find good enough yet ). This could even be more tricky if we consider
</I>&gt;<i> that this can be a version upgrade, and a security fix. Even if we trust
</I>&gt;<i> the upstream to fix the security issue, we still want to have it
</I>&gt;<i> working.
</I>&gt;<i>
</I>&gt;<i>
</I>&gt;<i> But besides this question, there is a more important problem. If we
</I>&gt;<i> think that some package updates are important enough to be sent to users
</I>&gt;<i> without them asking for explicitly, we cannot let people pick only some
</I>&gt;<i> packages on demand by disabling backports.
</I>&gt;<i>
</I>&gt;<i> Either backports source is enabled in urpmi, and this would mean that
</I>&gt;<i> backports are treated like update from a user point of view, or the
</I>&gt;<i> backports are enabled on demand, meaning that the user is on his own.
</I>&gt;<i>
</I>&gt;<i> Again, I do not have many ideas. A solution would be to have something
</I>&gt;<i> like portaudit ( <A HREF="http://www.freshports.org/ports-mgmt/portaudit">http://www.freshports.org/ports-mgmt/portaudit</A> ). So
</I>&gt;<i> people would be warned if the backport is insecure, or could be upgraded
</I>&gt;<i> ( even for a new version ). I guess we should however push people to run
</I>&gt;<i> the latest backport, whatever the reason, to avoid headaches when bugs
</I>&gt;<i> are reported.
</I>&gt;<i>
</I>&gt;<i> Another solution would be to patch urpmi to do a special type of update,
</I>&gt;<i> ie it would only update packages from backports if they come from
</I>&gt;<i> backports. Not really clean, IMHO.
</I>&gt;<i>
</I>&gt;<i> Last solution, declare that cherry picking is not supported, or that
</I>&gt;<i> people are on their own, and explain the reason. However, people have
</I>&gt;<i> been asking this, and recommend this. This would also be against a goal
</I>&gt;<i> of having confidence in the backports.
</I>&gt;<i>
</I>&gt;<i>
</I>&gt;<i> Again, and as said in the title, this is a proposal so feel free to
</I>&gt;<i> comment.
</I>&gt;<i>
</I>

-- 
Andr&#233;
</PRE>
<!--endarticle-->
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>