[Mageia-dev] Update of backport, policy proposal

Sun Jun 26 16:05:21 CEST 2011

Le dimanche 26 juin 2011 à 14:49 +0200, Wolfgang Bornath a écrit :
+> 2011/6/26 Michael Scherer <misc at zarb.org>:
+> > Le dimanche 26 juin 2011 à 11:58 +0300, atilla ontas a écrit :
+> >> 2011/6/26 Wolfgang Bornath <molch.b at googlemail.com>:
+> >> > A short reality check from userside:
+> >> >
+> >> > If foo-1.0 is in Mageia 1 and foo-1.1 is released upstream
+> >> >  - foo-1.1 will likely be integrated in Cauldron very soon after
+> >> >  - users will request to have foo-1.1 in Mageia 1
+> >> >  - if Mageia will not provide it then there will soon be local
+> >> > repositories where local packagers will do a "backport" for their
+> >> > friends.
+> >> >
+> >> > This may not be what Mageia backport policy will allow but we can not
+> >> > avoid people doing and using this, no matter how many warning signs we
+> >> > will publish. This has to be taken into account here.
+> >> >
+> >> > When a policy is found it has to be communicated very well, especially
+> >> > if that policy means that the user can not have foo-1.1 in his stable
+> >> > Mageia 1.
+> >> >
+> >> > This is important because former Mandriva users were used to get
+> >> > almost all new versions backported, if not officially then in 3rd
+> >> > party repos like MIB or MUD.
+> >> >
+> >> > --
+> >> > wobo
+> >> >
+> >
+> >> As wobo mentioned, people like latest and greatest software. I think,
+> >> except a few users will use unofficial 3rd party repos to get latest
+> >> software. While i was maintaining MVT (Mandriva Turkiye) repository,
+> >> our users asked for GNOME 2.32 while Mandriva have GNOME 2.30 on
+> >> official release.
+> >
+> > And others people mentioned that people want also stable software and do
+> > not want changes. But as I said, what people want is not as important
+> > than what we can do, and so the decision is in the end of those that do
+> > the work rather than what people want, because if no one does the work,
+> > nothing happen.
+> 
+> Well, in principle this is correct, not in this case as I have
+> explained as a very common example. You can decide whatever you want,
+> if a user wants a certain package and his friend will pack it for him
+> and puts it up on a server, publishing the existence - then you will
+> see what happens. You know by experience how popular such 3rd-party
+> repos can become (see MIB, MUD), just because somebody had a different
+> view than the official view.
+
+Then someone did it the job. Maybe not correctly from a technical point
+of view, with all the problem this can create ( lack of audit and
+reproductability, as I seen while trying to understand MIB stuff, non
+integration with the rest of the distribution, since this requires to
+type command line etc, breakage of stuff like upgrade of version ), but
+still did the work. 
+
+Of course, most of the time, that's not sustainable, but who really care
+about that...
+
+> In short: no matter what is more important or not, you have to find a
+> compromise between the (understandable) search for optimal workflow,
+> security on one side and the real world of the users on the other. 
+
+Can people please stop saying that "users" are living in the real world,
+as this logically imply that others ( ie, "us", for whatever that mean )
+are not ?
+
+Optimal workflow is solving a real problem for ressources, with impact
+on the distribution. Security is a real problem too. That's not because
+some people do not see a problem that it doesn't existe or that it is a
+fake one.
+
+-- 
+Michael Scherer
+
+