From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2011-July/007103.html | 119 +++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 zarb-ml/mageia-dev/2011-July/007103.html (limited to 'zarb-ml/mageia-dev/2011-July/007103.html') diff --git a/zarb-ml/mageia-dev/2011-July/007103.html b/zarb-ml/mageia-dev/2011-July/007103.html new file mode 100644 index 000000000..5e489343a --- /dev/null +++ b/zarb-ml/mageia-dev/2011-July/007103.html @@ -0,0 +1,119 @@ + + + + [Mageia-dev] Proposal for backport process and policy + + + + + + + + + +

[Mageia-dev] Proposal for backport process and policy

+ blind Pete + 0123peter at gmail.com +
+ Fri Jul 29 08:59:23 CEST 2011 +

+
+ +
on Tue, 26 Jul 2011 17:20
+in the Usenet newsgroup gmane.linux.mageia.devel
+Samuel Verschelde wrote:
+
+> Le mardi 26 juillet 2011 07:56:36, blind Pete a écrit :
+>> on Tue, 26 Jul 2011 08:34
+>> in the Usenet newsgroup gmane.linux.mageia.devel
+>> Samuel Verschelde wrote:
+>> 
+>> [snip]
+>> 
+>> > *** Old backports ***
+>> > Remove old backports when newer ones are submitted
+>> > - otherwise we let people use old bugged or plagged with security issues
+>> > packages, when they don't necessarily know that there are problems with
+>> > them - simpler choice : users have to choose between the version in
+>> > updates and the one in backports, not more
+>> > - less space on mirrors (fear wesnoth and vegastrike multiple backports
+>> > !)
+>> > 
+>> > Thank you for reading.
+>> > 
+>> >  Best regards,
+>> > 
+>> > Samuel Verschelde
+>> 
+>> It is theoretically possible that there could be multiple versions with
+>> bug fixes and feature enhancements with no known security problems in any
+>> of them.  FireFox appears to be almost going down that path.  I think
+>> that FF 5 is just FF 4.0.3 with a silly name - please correct me if I am
+>> wrong - and 5 should obsolete 4.  But I can imagine several versions
+>> existing during the life of a LTS release.
+>> 
+>> The deletion criteria should be, "there is a vulnerability that that is
+>> not going to be fixed".  That is usually, but not always the same as,
+>> "there is a new version".
+> 
+> Are you going to check every existing backport for vulnerabilities so that we 
+> can choose which versions to delete ? 
+
+No.  It it requires work, that is a good reason for not doing it.  
+
+I was assuming that the packager for XYZ would be on a mailing list and 
+when an email arrived that said version 7 need work, then remove it.  
+
+> If not, I don't think this is realistic 
+> to support 5 versions of the same package at the same time. Let's go with the 
+> simpler approach.
+
+If things don't work like I imagined, sorry for the noise.  
+
+Simple and trustworthy is better than complex and untrustworthy.  
+
+> Best regards
+> 
+> Samuel Verschelde
+
+-- 
+Sig goes here...  
+blind Pete  
+
+
+ + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1