[Mageia-dev] How will be the realese cycle?

Thu Oct 7 15:52:15 CEST 2010

On Thursday, 7 October 2010 13:27:50 Tux99 wrote:
+> On Thu, 7 Oct 2010, Buchan Milne wrote:
+> > I don't believe that merely changing to some kind of rolling release will
+> > improve matters for end users, they will just be more confused when they
+> > find out that to install database support for OpenOffice.org, they need
+> > to upgrade all of OpenOffice.org (taking an hour to download ~ 70MB),
+> > instead of just being able to install openoffice.org-base (with a 2
+> > minute download of 2MB).
+> 
+> This is a misconception, even today with the current Mandriva system the
+> user has to download the same 70MB, since security updates are not diffs
+> but whole packages.
+
+I was speaking about the situation where there is no security update required, 
+but a new version with new features is available.
+
+> To make it clearer, if the user wants to install oo-base at a later
+> point with the currend Mdv model he would have to download 20MB
+
+2MB.
+
+> if there
+> has been no security updates since release, or 70MB if there has been a
+> security update in the meantime.
+
+No, the user has the option of not use the updates media, and the package she 
+needs is in main/release.
+
+> Exactly the same would be the case with a light rolling distro.
+
+Depends exactly how it is implemented. Either mirrors are holding all the 
+packages ever released, or the package the user needs is no longer available.
+
+> People who say that a light rolling distro (i.e. where only app upgrades
+> are made available mid-cycle, not the core packages) will increase
+> downloads for users are simply not thinking this through.
+
+See above.
+
+> No one is forced to download and install the upgrades, a user can just
+> only install those upgrades which are also security updates, just like
+> he/she would do with the current Mdv model.
+
+So all packages ever released have to be on every mirror?
+
+> A security update or an upgrade imply roughly the same download size,
+> since in both cases the whole package is downloaded again, what differs
+> is only the version that's being downloaded not the size.
+
+Well, either you are now either meaning:
+-security update policy must be 'in event of vulnerability, upgrade, don't 
+patch'
+or
+-keep every single package on every mirror
+
+As I said previously, a security updates policy is just that, no technical 
+changes need to be done vs the current Mandriva methods. However, what about 
+feature upgrades (in software which have no vulnerabilities in the version 
+shipped with the "big release"). Are you going to deprive users of new 
+versions, because the package developers were too naive to include a 
+vulnerability to ensure updates.
+
+> The only real difference between the light rolling distro model
+> deescribed earlier in this thread by a few people (including myself) and
+> the current Mdv release model, is that security updates of apps are
+> provided through version upgrades whenever this is possible, i.e.
+> when the version upgrade is not a major upgrade with incompatible
+> changes.
+
+So, no new versions without vulnerabilities? This sounds worse for users who 
+want newer packages than the current Mandriva model.
+
+But, I wonder which of the packages in updates should have been upgraded 
+instead of patched:
+
+-apache (I vote no)
+-beagle
+-bzip2
+-evolution
+-lvm
+-firefox (upgraded, resulting in xulrunner and yelp requiring updates)
+-ghostscript
+-git
+-gnome-python
+-kernel
+-kdegraphics
+-samba (oden and I usually discuss pros/cons of upgrading, probably about 33% 
+of the time - especially older releases - we upgrade)
+-mysql (I vote no)
+-openldap (I vote no, users who need newer can get from backports)
+-php (I vote no)
+-tomcat (I vote no)
+
+Sorry, but to compare these cases, we really need real-world examples, so I'm 
+using Mandriva 2010.1 as the basis for comparison.
+
+Regards,
+Buchan
+