<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] Package drop request: ruby-ParseTree
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Package%20drop%20request%3A%20ruby-ParseTree&In-Reply-To=%3C20121211063828.GB17548%40shikamaru.fr%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="020732.html">
<LINK REL="Next" HREF="020736.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] Package drop request: ruby-ParseTree</H1>
<B>Remy CLOUARD</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Package%20drop%20request%3A%20ruby-ParseTree&In-Reply-To=%3C20121211063828.GB17548%40shikamaru.fr%3E"
TITLE="[Mageia-dev] Package drop request: ruby-ParseTree">shikamaru at shikamaru.fr
</A><BR>
<I>Tue Dec 11 07:38:28 CET 2012</I>
<P><UL>
<LI>Previous message: <A HREF="020732.html">[Mageia-dev] Package drop request: ruby-ParseTree
</A></li>
<LI>Next message: <A HREF="020736.html">[Mageia-dev] Package drop request: ruby-ParseTree
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#20735">[ date ]</a>
<a href="thread.html#20735">[ thread ]</a>
<a href="subject.html#20735">[ subject ]</a>
<a href="author.html#20735">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>On Mon, Dec 10, 2012 at 11:41:38PM +0000, Colin Guthrie wrote:
><i> So what if we provide this library and someone uses it as a component in
</I>><i> some other app they write.
</I>><i>
</I>><i> They likely have an expectation that it will continue to be supported
</I>><i> and that any security vulnerabilities in it are detected and fixed.
</I>><i>
</I>><i> If we don't have a mechanism to remove (or at least very strongly
</I>><i> recommend to remove) packages we no longer support, then we are leaving
</I>><i> users vulnerable.
</I>><i>
</I>><i> The orphans system is fine, but it's certainly not as strong a mechanism
</I>><i> as I think is needed.
</I>Well, that would be very lazy of that person not to test the app and
release it. Actually, the ruby community has a strong focus on test
driven development. Since that library is broken with ruby 1.9, it won’t
pass the first test. So no worries here. Actually, I’m pretty sure it
couldn’t even stay on the machine just because it is linked against
libruby.so.1.8, and we provide libruby.so.1.9.

In the ruby policy I added as a requirement a
Requires: ruby(abi) = version
I’m pleased to see this is now an automatic thing, meaning that a
package that doesn’t build won’t stand a chance to stay on people’s
machine.

That being said it still requires human intervention to remove it from
the mirrors.

To me this is a rather sane way to deal with the problem, because it’s
self-explanatory: the package can’t stay because its requirements are
not met. If you add it to task-obsolete, you provide no reason to the
user, most of the time the explanation is only a comment in
task-obsolete’s spec file.

Regards,
><i>
</I>><i> Col
</I>><i>
</I>><i> --
</I>><i>
</I>><i> Colin Guthrie
</I>><i> colin(at)mageia.org
</I>><i> <A HREF="http://colin.guthr.ie/">http://colin.guthr.ie/</A>
</I>><i>
</I>><i> Day Job:
</I>><i> Tribalogic Limited <A HREF="http://www.tribalogic.net/">http://www.tribalogic.net/</A>
</I>><i> Open Source:
</I>><i> Mageia Contributor <A HREF="http://www.mageia.org/">http://www.mageia.org/</A>
</I>><i> PulseAudio Hacker <A HREF="http://www.pulseaudio.org/">http://www.pulseaudio.org/</A>
</I>><i> Trac Hacker <A HREF="http://trac.edgewall.org/">http://trac.edgewall.org/</A>
</I>--
Rémy CLOUARD
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
</PRE>
<!--endarticle-->
<HR>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>