diff options
Diffstat (limited to 'zarb-ml/mageia-dev/2012-December/020735.html')
| -rw-r--r-- | zarb-ml/mageia-dev/2012-December/020735.html | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2012-December/020735.html b/zarb-ml/mageia-dev/2012-December/020735.html new file mode 100644 index 000000000..0b0d1e0c5 --- /dev/null +++ b/zarb-ml/mageia-dev/2012-December/020735.html @@ -0,0 +1,114 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] Package drop request: ruby-ParseTree + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Package%20drop%20request%3A%20ruby-ParseTree&In-Reply-To=%3C20121211063828.GB17548%40shikamaru.fr%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="020732.html"> + <LINK REL="Next" HREF="020736.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] Package drop request: ruby-ParseTree</H1> + <B>Remy CLOUARD</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Package%20drop%20request%3A%20ruby-ParseTree&In-Reply-To=%3C20121211063828.GB17548%40shikamaru.fr%3E" + TITLE="[Mageia-dev] Package drop request: ruby-ParseTree">shikamaru at shikamaru.fr + </A><BR> + <I>Tue Dec 11 07:38:28 CET 2012</I> + <P><UL> + <LI>Previous message: <A HREF="020732.html">[Mageia-dev] Package drop request: ruby-ParseTree +</A></li> + <LI>Next message: <A HREF="020736.html">[Mageia-dev] Package drop request: ruby-ParseTree +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#20735">[ date ]</a> + <a href="thread.html#20735">[ thread ]</a> + <a href="subject.html#20735">[ subject ]</a> + <a href="author.html#20735">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>On Mon, Dec 10, 2012 at 11:41:38PM +0000, Colin Guthrie wrote: +><i> So what if we provide this library and someone uses it as a component in +</I>><i> some other app they write. +</I>><i> +</I>><i> They likely have an expectation that it will continue to be supported +</I>><i> and that any security vulnerabilities in it are detected and fixed. +</I>><i> +</I>><i> If we don't have a mechanism to remove (or at least very strongly +</I>><i> recommend to remove) package we no longer support, then we are leaving +</I>><i> users vulnerable. +</I>><i> +</I>><i> The orphans system is fine, but it's certainly not as strong a mechanism +</I>><i> as I think is needed. +</I>Well, that would be very lazy from that person not to test the app and +release it. Actually, the ruby community has a strong focus on test +driven development. Since that library is broken with ruby 1.9, it won’t +pass the first test. So no worries here. Actually, I’m pretty sure it +couldn’t even stay on the machine just because it is linked against +libruby.so.1.8, and we provide libruby.so.1.9. + +In the ruby policy I added as a requirement a +Requires: ruby(abi) = version +I’m pleased to see this is now an automatic thing, meaning that a +package that’s doesn’t build won’t stand a chance to stay on people’s +machine. + +That being said it still requires human intervention to remove it from +the mirrors. + +To me this is a rather sane way to deal with the problem, because it’s +self-explanatory: the package can’t stay because its requirements are +not met. If you add it to task-obsolete, you provide no reason to the +user, most of the time the explanation is only a comment in +task-obsolete’s spec file. + +Regards, +><i> +</I>><i> Col +</I>><i> +</I>><i> -- +</I>><i> +</I>><i> Colin Guthrie +</I>><i> colin(at)mageia.org +</I>><i> <A HREF="http://colin.guthr.ie/">http://colin.guthr.ie/</A> +</I>><i> +</I>><i> Day Job: +</I>><i> Tribalogic Limited <A HREF="http://www.tribalogic.net/">http://www.tribalogic.net/</A> +</I>><i> Open Source: +</I>><i> Mageia Contributor <A HREF="http://www.mageia.org/">http://www.mageia.org/</A> +</I>><i> PulseAudio Hacker <A HREF="http://www.pulseaudio.org/">http://www.pulseaudio.org/</A> +</I>><i> Trac Hacker <A HREF="http://trac.edgewall.org/">http://trac.edgewall.org/</A> +</I>-- +Rémy CLOUARD +() ascii ribbon campaign - against html e-mail +/\ www.asciiribbon.org - against proprietary attachments +</PRE> + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="020732.html">[Mageia-dev] Package drop request: ruby-ParseTree +</A></li> + <LI>Next message: <A HREF="020736.html">[Mageia-dev] Package drop request: ruby-ParseTree +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#20735">[ date ]</a> + <a href="thread.html#20735">[ thread ]</a> + <a href="subject.html#20735">[ subject ]</a> + <a href="author.html#20735">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |