Diffstat (limited to 'zarb-ml/mageia-dev/2011-June/005225.html')
-rw-r--r-- zarb-ml/mageia-dev/2011-June/005225.html 161
1 files changed, 161 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2011-June/005225.html b/zarb-ml/mageia-dev/2011-June/005225.html
new file mode 100644
index 000000000..06497ac9a
--- /dev/null
+++ b/zarb-ml/mageia-dev/2011-June/005225.html
@@ -0,0 +1,161 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] Finalizing update process
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Finalizing%20update%20process&In-Reply-To=%3C1307575517.26948.62.camel%40akroma.ephaone.org%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="005221.html">
+ <LINK REL="Next" HREF="005226.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] Finalizing update process</H1>
+ <B>Michael Scherer</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Finalizing%20update%20process&In-Reply-To=%3C1307575517.26948.62.camel%40akroma.ephaone.org%3E"
+ TITLE="[Mageia-dev] Finalizing update process">misc at zarb.org
+ </A><BR>
+ <I>Thu Jun 9 01:25:16 CEST 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="005221.html">[Mageia-dev] Finalizing update process
+</A></li>
+ <LI>Next message: <A HREF="005226.html">[Mageia-dev] Finalizing update process
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#5225">[ date ]</a>
+ <a href="thread.html#5225">[ thread ]</a>
+ <a href="subject.html#5225">[ subject ]</a>
+ <a href="author.html#5225">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>Le jeudi 09 juin 2011 &#224; 00:53 +0300, Ahmad Samir a &#233;crit :
+&gt;<i> On 8 June 2011 23:40, Anssi Hannula &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">anssi.hannula at iki.fi</A>&gt; wrote:
+</I>&gt;<i> &gt; On 08.06.2011 23:23, Ahmad Samir wrote:
+</I>&gt;<i> &gt;&gt; On 8 June 2011 21:45, Samuel Verschelde &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">stormi at laposte.net</A>&gt; wrote:
+</I>&gt;<i> &gt;&gt;&gt; Le mercredi 8 juin 2011 19:39:55, Ahmad Samir a &#233;crit :
+</I>&gt;<i> &gt;&gt;&gt;
+</I>&gt;<i> &gt;&gt;&gt;&gt; IMHO, rejection reasons:
+</I>&gt;<i> &gt;&gt;&gt;
+</I>&gt;<i> &gt;&gt;&gt;&gt; - The sec team doesn't think the update fixes a serious security
+</I>&gt;<i> &gt;&gt;&gt;
+</I>&gt;<i> &gt;&gt;&gt;&gt; vulnerability; so it's not updates but backports
+</I>&gt;<i> &gt;&gt;&gt;
+</I>&gt;<i> &gt;&gt;&gt; What about bugfix updates ? I guess fixing a bug is a valid reason for an
+</I>&gt;<i> &gt;&gt;&gt; update, like it was in Mandriva's updates.
+</I>&gt;<i> &gt;&gt;&gt;
+</I>&gt;<i> &gt;&gt;&gt; Regards
+</I>&gt;<i> &gt;&gt;&gt;
+</I>&gt;<i> &gt;&gt;&gt; Samuel
+</I>&gt;<i> &gt;&gt;
+</I>&gt;<i> &gt;&gt; Right, I probably phrased that one wrongly; I meant:
+</I>&gt;<i> &gt;&gt; fixes a serious bug, e.g. crashing, segfaulting
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; I don't think we should exclude non-serious bugs :)
+</I>&gt;<i> &gt;
+</I>&gt;<i>
+</I>&gt;<i> Depends, overworking the sec team doesn't look like a good aspect...
+</I>&gt;<i> (that's why I liked contrib in mdv, I could push an update any time,
+</I>&gt;<i> without having to go though the bug report -&gt; QA -&gt; Sec team loop).
+</I>
+Well, I didn't asked to secteam to do anything except managing the
+security aspect :
+- finding CVE
+- finding patch ( with the help of maintainer )
+- finding test and fixes
+
+But the building and updating should be done by maintainer, as this
+would scale better. Let the security team focus on the security aspect,
+and be there as a help for maintainers and viceversa. We shouldn't
+overload the secteam, while maintainers are here for that :)
+
+One of the problem at Mandriva was that security and stable updates were
+quite disconnected from maintainers, and so it didn't scale well.
+
+It didn't scale because people didn't know security procedure ( it was
+not part of the expected curriculum of a packager, and often was done
+without them implied ), it didn't scale because security was only for a
+restricted set of salaree taking care of everything on separate
+systems.
+
+I think we should focus on having :
+- a system using already know procedure ( ie regular build system )
+- make sure that taking care of update is something done regulary as
+part as packager duty ( after all, that's the whole part of being
+maintainer )
+
+&gt;<i> &gt; (or version updates in some cases, like firefox/opera/flash or updating
+</I>&gt;<i> &gt; an rc/beta version to a stable one, and maybe some online games that are
+</I>&gt;<i> &gt; useless unless on latest version)
+</I>&gt;<i> &gt;
+</I>&gt;<i>
+</I>&gt;<i> I agree, (except for the games part, nowadays if it's less than 4GB
+</I>&gt;<i> it's not really a &quot;game&quot;).
+</I>
+I guess we can start with a list of exception :
+
+- stuff that should be updated to latest version, because the security
+support for older releases ( firefox, chrome ) is too hard
+-&gt; we update to latest version if there is no regression and a strong
+reason to upgrade ( severe bugfixes, security issue, breakages ).
+Exception of this category should be very expectional
+
+- stuff where there is strict bugfixes only release
+( postgresql ), or update to a stable version ( which should be a bugfix
+only release when compared to beta/rc :) )
+-&gt; we upgrade to stable ( for rc/beta )
+-&gt; we do version update if it is bug fixes and if the packager is ok
+with it ( and if the rules of the bugfix branches are clearly documented
+)
+
+- everything else
+-&gt; only minimal patches
+
+The question of game is still open, ie, should it go in 1st category, or
+should we have different rules to see what should be there or not ?
+
+I guess this would only be for networked game ?
+
+&gt;<i> Maybe the sec team should only work on sec fixes, and there should be
+</I>&gt;<i> a sub-group of the sec team that handle the not
+</I>&gt;<i> CVE|crash|segfaulting|buffer-overflow updates.
+</I>
+segfault, crash are the duty of packager, as well as wrong requires or
+anything.
+--
+Michael Scherer
+
+</PRE>
+
+
+
+
+
+
+
+
+
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="005221.html">[Mageia-dev] Finalizing update process
+</A></li>
+ <LI>Next message: <A HREF="005226.html">[Mageia-dev] Finalizing update process
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#5225">[ date ]</a>
+ <a href="thread.html#5225">[ thread ]</a>
+ <a href="subject.html#5225">[ subject ]</a>
+ <a href="author.html#5225">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
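Review bot: The two mailto HREFs (the LINK REL="made" element in HEAD and the author anchor under the H1) join the Subject and In-Reply-To parameters with a bare `&` (`...update%20process&In-Reply-To=%3C...`). Inside an HTML attribute value this should be written `&amp;`, so that a parser cannot read `&In-Reply-To` as the start of an entity reference and validators accept the page. Two smaller style points in the same file: the `<LI>` elements in both navigation lists are closed with lowercase `</li>`, and there is a run of empty lines between `</PRE>` and `<!--endarticle-->` that could be trimmed. If this file is generated archive output, these are better fixed in the generating template than by hand in the committed copy.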