From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2011-July/007042.html | 122 +++++++++++++++++++++++++++++++ 1 file changed, 122 insertions(+) create mode 100644 zarb-ml/mageia-dev/2011-July/007042.html (limited to 'zarb-ml/mageia-dev/2011-July/007042.html') diff --git a/zarb-ml/mageia-dev/2011-July/007042.html b/zarb-ml/mageia-dev/2011-July/007042.html new file mode 100644 index 000000000..d2cda85d3 --- /dev/null +++ b/zarb-ml/mageia-dev/2011-July/007042.html @@ -0,0 +1,122 @@ + + + + [Mageia-dev] Proposal for backport process and policy + + + + + + + + + +

[Mageia-dev] Proposal for backport process and policy

+ andre999 + andr55 at laposte.net +
+ Wed Jul 27 03:07:09 CEST 2011 +

+
+ +
Samuel Verschelde a écrit :
+> Le mardi 26 juillet 2011 07:56:36, blind Pete a écrit :
+>> on Tue, 26 Jul 2011 08:34
+>> in the Usenet newsgroup gmane.linux.mageia.devel
+>> Samuel Verschelde wrote:
+>>
+>> [snip]
+>>
+>>> *** Old backports ***
+>>> Remove old backports when newer ones are submitted
+>>> - otherwise we let people use old bugged or plagged with security issues
+>>> packages, when they don't necessarily know that there are problems with
+>>> them - simpler choice : users have to choose between the version in
+>>> updates and the one in backports, not more
+>>> - less space on mirrors (fear wesnoth and vegastrike multiple backports
+>>> !)
+>>>
+>>> Thank you for reading.
+>>>
+>>>   Best regards,
+>>>
+>>> Samuel Verschelde
+>>
+>> It is theoretically possible that there could be multiple versions with
+>> bug fixes and feature enhancements with no known security problems in any
+>> of them.  FireFox appears to be almost going down that path.  I think
+>> that FF 5 is just FF 4.0.3 with a silly name - please correct me if I am
+>> wrong - and 5 should obsolete 4.  But I can imagine several versions
+>> existing during the life of a LTS release.
+>>
+>> The deletion criteria should be, "there is a vulnerability that that is
+>> not going to be fixed".  That is usually, but not always the same as,
+>> "there is a new version".
+>
+> Are you going to check every existing backport for vulnerabilities so that we
+> can choose which versions to delete ? If not, I don't think this is realistic
+> to support 5 versions of the same package at the same time. Let's go with the
+> simpler approach.
+
+I can see the point of not keeping multiple packports of larger packages such 
+as ff.
+And the point of keeping things simpler.
+
+However, often a newer version of a package drops/changes features of older 
+versions, so it really does makes sense to keep the older version available, 
+for fallback.  This often applies to very small optional modules of some 
+application.
+(On my system there is at least one very old optional module for a package that 
+I keep for that reason.)
+
+So my suggestion : for smaller packages, say not more than about 1 M or 5 M, 
+(where size doesn't present a problem), we keep multiple backports as long as 
+there are no known security issues.
+
+> Best regards
+>
+> Samuel Verschelde
+
+-- 
+André
+
+ + + + + + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1