[Mageia-dev] Update of backport, policy proposal

Michael Scherer misc at zarb.org
Sun Jun 26 16:05:21 CEST 2011


Le dimanche 26 juin 2011 à 14:49 +0200, Wolfgang Bornath a écrit :
> 2011/6/26 Michael Scherer <misc at zarb.org>:
> > Le dimanche 26 juin 2011 à 11:58 +0300, atilla ontas a écrit :
> >> 2011/6/26 Wolfgang Bornath <molch.b at googlemail.com>:
> >> > A short reality check from userside:
> >> >
> >> > If foo-1.0 is in Mageia 1 and foo-1.1 is released upstream
> >> >  - foo-1.1 will likely be integrated in Cauldron very soon after
> >> >  - users will request to have foo-1.1 in Mageia 1
> >> >  - if Mageia will not provide it then there will soon be local
> >> > repositories where local packagers will do a "backport" for their
> >> > friends.
> >> >
> >> > This may not be what Mageia backport policy will allow but we can not
> >> > avoid people doing and using this, no matter how many warning signs we
> >> > will publish. This has to be taken into account here.
> >> >
> >> > When a policy is found it has to be communicated very well, especially
> >> > if that policy means that the user can not have foo-1.1 in his stable
> >> > Mageia 1.
> >> >
> >> > This is important because former Mandriva users were used to get
> >> > almost all new versions backported, if not officially then in 3rd
> >> > party repos like MIB or MUD.
> >> >
> >> > --
> >> > wobo
> >> >
> >
> >> As wobo mentioned, people like latest and greatest software. I think,
> >> except a few users will use unofficial 3rd party repos to get latest
> >> software. While i was maintaining MVT (Mandriva Turkiye) repository,
> >> our users asked for GNOME 2.32 while Mandriva have GNOME 2.30 on
> >> official release.
> >
> > And others people mentioned that people want also stable software and do
> > not want changes. But as I said, what people want is not as important
> > than what we can do, and so the decision is in the end of those that do
> > the work rather than what people want, because if no one does the work,
> > nothing happen.
> 
> Well, in principle this is correct, not in this case as I have
> explained as a very common example. You can decide whatever you want,
> if a user wants a certain package and his friend will pack it for him
> and puts it up on a server, publishing the existence - then you will
> see what happens. You know by experience how popular such 3rd-party
> repos can become (see MIB, MUD), just because somebody had a different
> view than the official view.

Then someone did it the job. Maybe not correctly from a technical point
of view, with all the problem this can create ( lack of audit and
reproductability, as I seen while trying to understand MIB stuff, non
integration with the rest of the distribution, since this requires to
type command line etc, breakage of stuff like upgrade of version ), but
still did the work. 

Of course, most of the time, that's not sustainable, but who really care
about that...

> In short: no matter what is more important or not, you have to find a
> compromise between the (understandable) search for optimal workflow,
> security on one side and the real world of the users on the other. 

Can people please stop saying that "users" are living in the real world,
as this logically imply that others ( ie, "us", for whatever that mean )
are not ?

Optimal workflow is solving a real problem for ressources, with impact
on the distribution. Security is a real problem too. That's not because
some people do not see a problem that it doesn't existe or that it is a
fake one.

-- 
Michael Scherer



More information about the Mageia-dev mailing list