Add zarb MLs html archivesHEADmaster

1 files changed, 162 insertions, 0 deletions

diff --git a/zarb-ml/mageia-dev/2011-June/006002.html b/zarb-ml/mageia-dev/2011-June/006002.html
new file mode 100644
index 000000000..14e8c4e6c
--- /dev/null
+++ b/zarb-ml/mageia-dev/2011-June/006002.html
@@ -0,0 +1,162 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+   <TITLE> [Mageia-dev] Update of backport, policy proposal
+   </TITLE>
+   <LINK REL="Index" HREF="index.html" >
+   <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Update%20of%20backport%2C%20policy%20proposal&In-Reply-To=%3C4E050C16.3090403%40laposte.net%3E">
+   <META NAME="robots" CONTENT="index,nofollow">
+   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+   <LINK REL="Previous"  HREF="006001.html">
+   <LINK REL="Next"  HREF="006022.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+   <H1>[Mageia-dev] Update of backport, policy proposal</H1>
+    <B>andre999</B> 
+    <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Update%20of%20backport%2C%20policy%20proposal&In-Reply-To=%3C4E050C16.3090403%40laposte.net%3E"
+       TITLE="[Mageia-dev] Update of backport, policy proposal">andr55 at laposte.net
+       </A><BR>
+    <I>Sat Jun 25 00:13:42 CEST 2011</I>
+    <P><UL>
+        <LI>Previous message: <A HREF="006001.html">[Mageia-dev] Update of backport, policy proposal
+</A></li>
+        <LI>Next message: <A HREF="006022.html">[Mageia-dev] Update of backport, policy proposal
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#6002">[ date ]</a>
+              <a href="thread.html#6002">[ thread ]</a>
+              <a href="subject.html#6002">[ subject ]</a>
+              <a href="author.html#6002">[ author ]</a>
+         </LI>
+       </UL>
+    <HR>  
+<!--beginarticle-->
+<PRE>Michael Scherer a &#233;crit :
+&gt;<i>
+</I>&gt;<i> This mail is about handling update on the backport repository. Either
+</I>&gt;<i> new version, or bugfix, or security upgrade.
+</I>&gt;<i>
+</I>&gt;<i> Everybody was focused on &quot;should we do patch, or should we do more
+</I>&gt;<i> backport&quot; issue, but the real problem is not really here.
+</I>&gt;<i>
+</I>&gt;<i> First, we have to decide what kind of update do we want to see, among
+</I>&gt;<i> the 3 types :
+</I>&gt;<i> - bugfixes
+</I>&gt;<i> - security bug fixes,
+</I>&gt;<i> - new version
+</I>
+For bugfixes and new versions, that are not known to have security implications, let's treat them 
+essentially as new backports.
+If the bug were locally reported, the reporter would be involved in the testing.
+Such updates would be installed as any other backport.
+However I would favour notifying those who have installed previous versions of these backports, of 
+the availability of newer versions.
+Maybe even having a backports updates category.  (But not to be installed automatically by default.)
+
+For security issues, I'm not sure that it is important how we find out.
+As far as responsibility, I think the main responibility should be by the packager, but it could be 
+useful for the security team to monitor it, to find an alternate packager if necessary.
+(Presumably from those who have tested or installed the package.)
+(I don't know who monitors security issues now, I just assume the security team.)
+
+However I think that such packages should be tested as normally for backports, and then treated as 
+security updates, to be automatically applied.
+This is because those who have installed the backport in question have decided to accept a higher 
+degree of risk.  However a security issue can be a much greater risk, and is something that is 
+normally resolved automatically.  So by installing a security bug fix automatically for a backport, 
+we are essentially maintaining the level of risk already assumed by the user.
+
+
+In summary :
+
+In terms of testing, I see all backport updates as following the same process as for the initial 
+backports.  (As outlined by misc in another thread.)
+
+For non-security updates, I see essentially the same installation process as for initial backports.
+Adding some form of notification to those who have installed a previous version of the backport in 
+question.
+
+For security updates, I see automatic installation as with any security update.
+
+The treatment of these updates would depend on what is installed on the user's system, and not what 
+repositories are selected.
+
+In terms of monitoring security issues, why not use the same as for other packages ?
+
+my 2 cents :)
+-- 
+Andr&#233;
+</PRE>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<!--endarticle-->
+    <HR>
+    <P><UL>
+        <!--threads-->
+	<LI>Previous message: <A HREF="006001.html">[Mageia-dev] Update of backport, policy proposal
+</A></li>
+	<LI>Next message: <A HREF="006022.html">[Mageia-dev] Update of backport, policy proposal
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#6002">[ date ]</a>
+              <a href="thread.html#6002">[ thread ]</a>
+              <a href="subject.html#6002">[ subject ]</a>
+              <a href="author.html#6002">[ author ]</a>
+         </LI>
+       </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>