[Mageia-dev] Backports policy clarification (and discussion)

blind Pete 0123peter at gmail.com
Tue Jun 12 09:30:03 CEST 2012

Samuel Verschelde wrote:

> I re-read the backports policy, and there's a part I think needs to be
> pointed out before people start to backport packages.
> "We need to ensure that upgrades never fail: cauldron must always have a
> higher version/release than in stable releases."
> This statement is true, but implies more than what it says. It means that
> we can't backport a package for Mageia 1 with a higher version than what
> we have in Mageia 2 release (and updates?) media. And this, until we are
> able to take backports into account during upgrades.
> Example:
> - Mageia 2 has wesnoth 1.10.2 in core/release
> - Mageia 1 can't get a higher version in its backports media
> Do you all agree with my understanding of the policy?
> This is a serious limitation to our ability to backport to Mageia (n-1)
> and even to our ability to provide security fixes to backports there (will
> not prevent it, but will prevent doing it by a version upgrade, which is
> the common way to fix that kind of issue in backports).
> Maybe we shouldn't open backports for Mageia 1, and make sure upgrade to
> Mageia 3 can take backports from Mageia 2 into account so that backports
> to Mageia 2 are not stopped when Mageia 3 is released. Then we'll be safe.
> Samuel

This might be an interesting way to restate the problem...  

Imagine that example package 1 (ex1) is in mga1 _at the time of release_. 
Ex2 is in mga2 _at the time of release_. 
Ex3 is in mga3 _at the time of release_. 
Ex4 is in cauldron. 

Ignore backports for a moment, and imagine that there has been a 
monumental security breach in the example package such that 
versions one and two are completely untrustworthy and Ex3.1 is 
recommended for everyone.  

The obvious thing to do is push updates of Ex3.1 to mga3, mga2, 
and mga1, in that order.  

What happens to a system running mga1 plus updates when you 
attempt to update it?  Would the old ISOs be withdrawn?  
Or re-released with Ex3.1?
Or would you have to wait for an emergency release of mga4?  
Or could a separate "update" ISO be released alongside 
the pre-existing ISOs?  
Or could on-line updates be made compulsory?  

blind Pete
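
The constraint discussed in this thread, as an added example that is not part of either message or of Mageia's tooling: a check that flags backport candidates for release n-1 whose version is higher than what release n ships. The comparison is a simplified RPM-style ordering (no epoch, no `~` handling), the names `vercmp` and `blocked_backports` are hypothetical, and every version except wesnoth 1.10.2 is constructed.

```python
import re

def segments(version):
    # Split into runs of digits or letters; separators such as '.' are dropped.
    return re.findall(r"\d+|[A-Za-z]+", version)

def vercmp(a, b):
    """Return -1, 0 or 1. Simplified RPM-style ordering (assumption: no epoch, no '~')."""
    sa, sb = segments(a), segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the version with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def blocked_backports(candidates, next_release):
    """Return (package, candidate, ceiling) for candidates newer than the next release."""
    return [(pkg, ver, next_release[pkg])
            for pkg, ver in sorted(candidates.items())
            if pkg in next_release and vercmp(ver, next_release[pkg]) > 0]

# Mageia 2 core/release, using the wesnoth version from the thread;
# "examplepkg" is a constructed entry.
MGA2_RELEASE = {"wesnoth": "1.10.2", "examplepkg": "2.0"}

# Constructed backport candidates for Mageia 1.
MGA1_CANDIDATES = {"wesnoth": "1.10.3", "examplepkg": "2.0"}

if __name__ == "__main__":
    for pkg, ver, ceiling in blocked_backports(MGA1_CANDIDATES, MGA2_RELEASE):
        print(f"{pkg}: backport {ver} > next release {ceiling}, upgrade would downgrade")
```

A candidate equal to the next release's version passes this check; only a strictly higher version breaks the upgrade path as described in the quoted message.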
