[Mageia-dev] Proposal for backport process and policy
Samuel Verschelde
stormi at laposte.net
Tue Jul 26 09:20:42 CEST 2011
Le mardi 26 juillet 2011 07:56:36, blind Pete a écrit :
> on Tue, 26 Jul 2011 08:34
> in the Usenet newsgroup gmane.linux.mageia.devel
> Samuel Verschelde wrote:
>
> [snip]
>
> > *** Old backports ***
> > Remove old backports when newer ones are submitted
> > - otherwise we let people use old bugged or plagged with security issues
> > packages, when they don't necessarily know that there are problems with
> > them - simpler choice : users have to choose between the version in
> > updates and the one in backports, not more
> > - less space on mirrors (fear wesnoth and vegastrike multiple backports
> > !)
> >
> > Thank you for reading.
> >
> > Best regards,
> >
> > Samuel Verschelde
>
> It is theoretically possible that there could be multiple versions with
> bug fixes and feature enhancements with no known security problems in any
> of them. FireFox appears to be almost going down that path. I think
> that FF 5 is just FF 4.0.3 with a silly name - please correct me if I am
> wrong - and 5 should obsolete 4. But I can imagine several versions
> existing during the life of a LTS release.
>
> The deletion criteria should be, "there is a vulnerability that that is
> not going to be fixed". That is usually, but not always the same as,
> "there is a new version".
Are you going to check every existing backport for vulnerabilities so that we
can choose which versions to delete ? If not, I don't think this is realistic
to support 5 versions of the same package at the same time. Let's go with the
simpler approach.
Best regards
Samuel Verschelde
More information about the Mageia-dev
mailing list