diff options
Diffstat (limited to 'zarb-ml/mageia-dev/2011-June/006000.html')
| -rw-r--r-- | zarb-ml/mageia-dev/2011-June/006000.html | 186 |
1 files changed, 186 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2011-June/006000.html b/zarb-ml/mageia-dev/2011-June/006000.html new file mode 100644 index 000000000..a29c8f000 --- /dev/null +++ b/zarb-ml/mageia-dev/2011-June/006000.html @@ -0,0 +1,186 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] Update of backport, policy proposal + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Update%20of%20backport%2C%20policy%20proposal&In-Reply-To=%3C4E04F64E.4080304%40laposte.net%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="005992.html"> + <LINK REL="Next" HREF="006001.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] Update of backport, policy proposal</H1> + <B>andre999</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Update%20of%20backport%2C%20policy%20proposal&In-Reply-To=%3C4E04F64E.4080304%40laposte.net%3E" + TITLE="[Mageia-dev] Update of backport, policy proposal">andr55 at laposte.net + </A><BR> + <I>Fri Jun 24 22:40:46 CEST 2011</I> + <P><UL> + <LI>Previous message: <A HREF="005992.html">[Mageia-dev] Update of backport, policy proposal +</A></li> + <LI>Next message: <A HREF="006001.html">[Mageia-dev] Update of backport, policy proposal +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#6000">[ date ]</a> + <a href="thread.html#6000">[ thread ]</a> + <a href="subject.html#6000">[ subject ]</a> + <a href="author.html#6000">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Michael Scherer a écrit : +><i> +</I>><i> Hi, +</I>><i> +</I>><i> The last mail from the backport trilogy. And like all good trilogy, +</I>><i> that's where the suspens is present ( as for the 1 and 2 part, you know +</I>><i> there is another episode ) +</I>><i> +</I>><i> This mail is about handling update on the backport repository. Either +</I>><i> new version, or bugfix, or security upgrade. +</I>><i> +</I>><i> Everybody was focused on "should we do patch, or should we do more +</I>><i> backport" issue, but the real problem is not really here. +</I>><i> +</I>><i> First, we have to decide what kind of update do we want to see, among +</I>><i> the 3 types : +</I>><i> - bugfixes +</I>><i> - security bug fixes, +</I>><i> - new version +</I>><i> +</I>><i> Then as we want to have working backports, I think we need to do test, +</I>><i> like we do for normal backports, or updates. This mean someone need to +</I>><i> test, besides the packagers. +</I>><i> +</I>><i> For the first one, we can assume that if there is a bug, someone will +</I>><i> fill it. Then we can assign it to the one that backported to fix the +</I>><i> packages, and ask the reporter to test. +</I>><i> +</I>><i> +</I>><i> For the 3rd one, I guess we can use the same as 1st one. If no one ask, +</I>><i> do nothing. If someone ask, do the same as others backports, and erase +</I>><i> the previous one. +</I>><i> +</I>><i> +</I>><i> For the 2nd one, it all depend on how we find out about security issues. +</I>><i> A tool like the one used by debian/ubuntu that check for each package if +</I>><i> the version is vulnerable or not could help packager to know if a +</I>><i> backport requires a fix or not, like this is done for the others +</I>><i> packages. However, this mean that someone will have to check if the bug +</I>><i> is fixed, and the question is "who" ( and I do not have a answer that I +</I>><i> find good enough yet ). This could even be more tricky if we consider +</I>><i> that this can be a version upgrade, and a security fix. Even if we trust +</I>><i> the upstream to fix the security issue, we still want to have it +</I>><i> working. +</I>><i> +</I>><i> +</I>><i> But besides this question, there is a more important problem. If we +</I>><i> think that some packages updates are important enough to be sent to user +</I>><i> without them asking for explicitly, we cannot let people pick only some +</I>><i> packages on demand by disabling backports. +</I>><i> +</I>><i> Either backports source is enabled in urpmi, and this would mean that +</I>><i> backports are treated like update from a user point of view, or the +</I>><i> backports are enabled on demand, meaning that the user is on his own. +</I>><i> +</I>><i> Again, I do not have much ideas. A solution would be to have something +</I>><i> like portaudit ( <A HREF="http://www.freshports.org/ports-mgmt/portaudit">http://www.freshports.org/ports-mgmt/portaudit</A> ). So +</I>><i> people would be warned if the backport is insecure, or could be upgraded +</I>><i> ( even for a new version ). I guess we should however psuh people to run +</I>><i> the latest backport, whatever the reason, to avoid headaches when bug +</I>><i> are reported. +</I>><i> +</I>><i> Another solution would be to patch urpmi to do a special type of update, +</I>><i> ie it would only update packages from backports if they come from +</I>><i> backports. Not really clean, IMHO. +</I>><i> +</I>><i> Last solution, declare that cherry picking is not supported, or that +</I>><i> people are on their own, and explain the reason. However, people have +</I>><i> been asking this, and recommend this. This would also be against a goal +</I>><i> of having confidence in the backports. +</I>><i> +</I>><i> +</I>><i> Again, and as said in the title, this is a proposal so feel free to +</I>><i> comment. +</I>><i> +</I> + +-- +André +</PRE> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="005992.html">[Mageia-dev] Update of backport, policy proposal +</A></li> + <LI>Next message: <A HREF="006001.html">[Mageia-dev] Update of backport, policy proposal +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#6000">[ date ]</a> + <a href="thread.html#6000">[ thread ]</a> + <a href="subject.html#6000">[ subject ]</a> + <a href="author.html#6000">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |