[Mageia-dev] How will be the realese cycle?

[Buchan Milne]

On Thursday, 7 October 2010 13:27:50 Tux99 wrote:
> On Thu, 7 Oct 2010, Buchan Milne wrote:
> > I don't believe that merely changing to some kind of rolling release will
> > improve matters for end users, they will just be more confused when they
> > find out that to install database support for OpenOffice.org, they need
> > to upgrade all of OpenOffice.org (taking an hour to download ~ 70MB),
> > instead of just being able to install openoffice.org-base (with a 2
> > minute download of 2MB).
> 
> This is a misconception, even today with the current Mandriva system the
> user has to download the same 70MB, since security updates are not diffs
> but whole packages.

I was speaking about the situation where there is no security update required, 
but a new version with new features is available.

> To make it clearer, if the user wants to install oo-base at a later
> point with the currend Mdv model he would have to download 20MB

2MB.

> if there
> has been no security updates since release, or 70MB if there has been a
> security update in the meantime.

No, the user has the option of not use the updates media, and the package she 
needs is in main/release.

> Exactly the same would be the case with a light rolling distro.

Depends exactly how it is implemented. Either mirrors are holding all the 
packages ever released, or the package the user needs is no longer available.

> People who say that a light rolling distro (i.e. where only app upgrades
> are made available mid-cycle, not the core packages) will increase
> downloads for users are simply not thinking this through.

See above.

> No one is forced to download and install the upgrades, a user can just
> only install those upgrades which are also security updates, just like
> he/she would do with the current Mdv model.

So all packages ever released have to be on every mirror?

> A security update or an upgrade imply roughly the same download size,
> since in both cases the whole package is downloaded again, what differs
> is only the version that's being downloaded not the size.

Well, either you are now either meaning:
-security update policy must be 'in event of vulnerability, upgrade, don't 
patch'
or
-keep every single package on every mirror

As I said previously, a security updates policy is just that, no technical 
changes need to be done vs the current Mandriva methods. However, what about 
feature upgrades (in software which have no vulnerabilities in the version 
shipped with the "big release"). Are you going to deprive users of new 
versions, because the package developers were too naive to include a 
vulnerability to ensure updates.

> The only real difference between the light rolling distro model
> deescribed earlier in this thread by a few people (including myself) and
> the current Mdv release model, is that security updates of apps are
> provided through version upgrades whenever this is possible, i.e.
> when the version upgrade is not a major upgrade with incompatible
> changes.

So, no new versions without vulnerabilities? This sounds worse for users who 
want newer packages than the current Mandriva model.

But, I wonder which of the packages in updates should have been upgraded 
instead of patched:

-apache (I vote no)
-beagle
-bzip2
-evolution
-lvm
-firefox (upgraded, resulting in xulrunner and yelp requiring updates)
-ghostscript
-git
-gnome-python
-kernel
-kdegraphics
-samba (oden and I usually discuss pros/cons of upgrading, probably about 33% 
of the time - especially older releases - we upgrade)
-mysql (I vote no)
-openldap (I vote no, users who need newer can get from backports)
-php (I vote no)
-tomcat (I vote no)

Sorry, but to compare these cases, we really need real-world examples, so I'm 
using Mandriva 2010.1 as the basis for comparison.

Regards,
Buchan