[Mageia-dev] Proposal for backport process and policy

blind Pete 0123peter at gmail.com
Fri Jul 29 08:59:23 CEST 2011 

on Tue, 26 Jul 2011 17:20
in the Usenet newsgroup gmane.linux.mageia.devel
Samuel Verschelde wrote:

> Le mardi 26 juillet 2011 07:56:36, blind Pete a écrit :
>> on Tue, 26 Jul 2011 08:34
>> in the Usenet newsgroup gmane.linux.mageia.devel
>> Samuel Verschelde wrote:
>> 
>> [snip]
>> 
>> > *** Old backports ***
>> > Remove old backports when newer ones are submitted
>> > - otherwise we let people use old bugged or plagged with security issues
>> > packages, when they don't necessarily know that there are problems with
>> > them - simpler choice : users have to choose between the version in
>> > updates and the one in backports, not more
>> > - less space on mirrors (fear wesnoth and vegastrike multiple backports
>> > !)
>> > 
>> > Thank you for reading.
>> > 
>> >  Best regards,
>> > 
>> > Samuel Verschelde
>> 
>> It is theoretically possible that there could be multiple versions with
>> bug fixes and feature enhancements with no known security problems in any
>> of them.  FireFox appears to be almost going down that path.  I think
>> that FF 5 is just FF 4.0.3 with a silly name - please correct me if I am
>> wrong - and 5 should obsolete 4.  But I can imagine several versions
>> existing during the life of a LTS release.
>> 
>> The deletion criteria should be, "there is a vulnerability that that is
>> not going to be fixed".  That is usually, but not always the same as,
>> "there is a new version".
> 
> Are you going to check every existing backport for vulnerabilities so that we 
> can choose which versions to delete ? 

No.  It it requires work, that is a good reason for not doing it.  

I was assuming that the packager for XYZ would be on a mailing list and 
when an email arrived that said version 7 need work, then remove it.  

> If not, I don't think this is realistic 
> to support 5 versions of the same package at the same time. Let's go with the 
> simpler approach.

If things don't work like I imagined, sorry for the noise.  

Simple and trustworthy is better than complex and untrustworthy.  

> Best regards
> 
> Samuel Verschelde

-- 
Sig goes here...  
blind Pete

More information about the Mageia-dev mailing list