[Mageia-dev] [changelog] [RPM] cauldron core/release dsniff-2.4-0.b1.1.mga2
Michael Scherer
misc at zarb.org
Wed Jan 4 23:16:31 CET 2012
Le mercredi 04 janvier 2012 à 20:09 +0200, Anssi Hannula a écrit :
> On 04.01.2012 19:29, Michael Scherer wrote:
> > Le mercredi 04 janvier 2012 à 16:16 +0200, Anssi Hannula a écrit :
> >> On 04.01.2012 11:54, Michael Scherer wrote:
> >>> Le mercredi 04 janvier 2012 à 11:03 +0200, Thomas Backlund a écrit :
> >>>> Anssi Hannula skrev 3.1.2012 23:05:
> >>>>> On 02.01.2012 12:21, guillomovitch wrote:
> >>>>>> Name : dsniff Relocations: (not relocatable)
> >>>>>> Version : 2.4 Vendor: Mageia.Org
> >>>>>> Release : 0.b1.1.mga2 Build Date: Mon Jan 2 11:18:17 2012
> >>>>>> Install Date: (not installed) Build Host: ecosse
> >>>>>> Group : Monitoring Source RPM: (none)
> >>>>>> Size : 210074 License: BSD
> >>>>>> Signature : (none)
> >>>>>> Packager : guillomovitch<guillomovitch>
> >>>>>> URL : http://www.monkey.org/~dugsong/dsniff/
> >>>>>> Summary : Network audit tools
> >>>>>> Description :
> >>>>>> Tools to audit network and to demonstrate the insecurity of cleartext
> >>>>>> network protocols. Please do not abuse this software.
> >>>>>>
> >>>>>> guillomovitch<guillomovitch> 2.4-0.b1.1.mga2:
> >>>>>> + Revision: 189630
> >>>>>> - drop epoch, we don't care about updating from mdv anymore
> >>>>>
> >>>>> We don't?
> >>>>>
> >>>>
> >>>> Oh yes we do. Atleast from 2010.1
> >>>
> >>> We did for 1, not for 2 or cauldron or anything else. So as long the
> >>> package is not pushed on 1, I think we agreed that people could not care
> >>> about upgrade path from Mandriva.
> >>
> >> Well, I don't like that, IMO we should not remove upgradeability so
> >> soon, even if we won't officially support it.
> >
> > Well, if we do not officially support it, then we do not support it,
> > that's all. There is no "that's unofficially supported" or stuff like
> > that. Supported mean "we will do test and fix bug if they happen", and
> > not supported mean "we reserve our right to not do anything".
> >
> > And that's exactly what happen right now.
>
> IMO there is a level between "officially supported" and "we
> intentionally break it", which means that we advise against it but do
> not hinder people from doing it.
Yes, there is different levels of support, obviously, since people have
different but that doesn't mean we should rely on them, or try to
officially use them. Again, saying "we support that, so we do that, and
we don't support this, so people are free to do what they want" is
simpler.
The whole scheme of having "stuff we do", "stuff we do not promise but
try to", "stuff we do not promise and we do not try to" ( or more ) make
things less clear for everybody. Having a non uniform policy will make
things harder for newer packagers ( and for olders too ).
We have users ( in the past ) that complained about the lack of
reliability of packages on Mandriva. And this was IMHO because we had a
policy of 'we keep everything and we say they are in a section of "maybe
supported"'. The whole message "contribs is not supported but main is"
was simple and yet, too complex to grasp ( because people didn't check
contrib/main before installing anything, ). It was also far from the
truth because some stuff in contribs were more supported than stuff in
main, and thus we were sending mixed messages.
So we should really stick on what we support, and send a simple, clear
and correct message.
And I think we need to keep things simple to solve such issues in the
long run.
> >> But anyway, this affects people doing 2010.1->mga1->mga2 as well... Or
> >> are you saying that isn't supported either, and people should do new
> >> installs??
> >
> > We do not support upgrading mdv2010.1 rpms with rpm from mga2, so if a
> > maintainer want to remove this, he can.
> >
> > Someone doing mdv2010.1->mga1 will end with a mix of mdv2010.1 and mga1
> > if the system is not cleaned, and that's not something we should
> > support, not more than mga X + any random repository upgrade to mga X+1
> >
> > IE, that's not mga1 -> mga2, that's mga1 + 3rd party repo that happened
> > to work by chance to mga2.
>
> I have to strongly disagree with this. If upgrading from 2010.1 to mga1
> is officially supported (and it is), we can't say "you can't upgrade
> your mga1 system to mga2 anymore because you have some old pkgs
> installed which we never asked you to remove" (assuming no non-mdv 3rd
> party repos here).
First, it doesn't break the whole upgrade.
In fact, if we look carefully, people who were running non supported
software ( ie a package from Mandriva ) will still run the same
unsupported software and the same binary. And upgrade will likely work
without error messages. Because nothing requires dsniff, except its own
subpackage.
Secondly, it didn't matter much before Guillaume uploaded dsniff.
1 week ago, anyone who would have upgraded to mga2 with dsniff installed
from mdv would have been in the exact same situation than now, except
nobody cared at all. And the proof that nobody cared is that nobody
pushed the rpm sooner. Would it have been pushed to 1, yes, that would
have breached what we agreed to do. But it was not pushed to 1 ( and I
would say "likely on purpose" ). So the only change with this upload is
for people installing dsniff later.
3rd point, the whole point of saying "we do not support this" is not to
say "we don't support, but we should still support it to some extent".
It is to be able to say "we do not support, so the maintainer can clean
it if he want". You are free to support it if you wish, but Guillaume is
also free to not support it, and choose to clean instead ( because epoch
tags are ugly ).
If we wanted to support upgrading from mdv 2010.1/2 to mga2, or
upgrading people who mix distribution packages ( be it because they do
not know, or on purpose, that's the same problem from a technical PoV ),
it should have been said much sooner.
I do not understand, could people tell me what did they understood we
would do when we said "we will not support upgrade this after mageia
1" ?
--
Michael Scherer
More information about the Mageia-dev
mailing list