[Mageia-dev] Proposal for backport process and policy

Tue Jul 26 09:20:42 CEST 2011

Le mardi 26 juillet 2011 07:56:36, blind Pete a écrit :
+> on Tue, 26 Jul 2011 08:34
+> in the Usenet newsgroup gmane.linux.mageia.devel
+> Samuel Verschelde wrote:
+> 
+> [snip]
+> 
+> > *** Old backports ***
+> > Remove old backports when newer ones are submitted
+> > - otherwise we let people use old bugged or plagged with security issues
+> > packages, when they don't necessarily know that there are problems with
+> > them - simpler choice : users have to choose between the version in
+> > updates and the one in backports, not more
+> > - less space on mirrors (fear wesnoth and vegastrike multiple backports
+> > !)
+> > 
+> > Thank you for reading.
+> > 
+> >  Best regards,
+> > 
+> > Samuel Verschelde
+> 
+> It is theoretically possible that there could be multiple versions with
+> bug fixes and feature enhancements with no known security problems in any
+> of them.  FireFox appears to be almost going down that path.  I think
+> that FF 5 is just FF 4.0.3 with a silly name - please correct me if I am
+> wrong - and 5 should obsolete 4.  But I can imagine several versions
+> existing during the life of a LTS release.
+> 
+> The deletion criteria should be, "there is a vulnerability that that is
+> not going to be fixed".  That is usually, but not always the same as,
+> "there is a new version".
+
+Are you going to check every existing backport for vulnerabilities so that we 
+can choose which versions to delete ? If not, I don't think this is realistic 
+to support 5 versions of the same package at the same time. Let's go with the 
+simpler approach.
+
+Best regards
+
+Samuel Verschelde
+