[Frugalware-devel] -stable uploading proposal

Alex Smith alex.extreme2 at gmail.com
Wed Apr 12 19:52:00 CEST 2006 

Looks OK, but one thing that would need to be done - have some way of
getting users to run -Syu every often, be it via a program, a cron job or
any other way. It would be pointless doing security updates if users don't
actually update to them :)

Alex

On 12/04/06, VMiklos <vmiklos at frugalware.org> wrote:
>
> On Wed, Apr 12, 2006 at 05:03:34PM +0200, VOROSKOI Andras <
> voroskoi at gmail.com> wrote:
> > Well, i don't know how much work this is, but simply bumping the
> > packages in -stable doesn't work all the time. Adding only the security
> > patch is much cleaner, but it's unambigously more difficult. Not only
> > because of more work, but the possibility of errors.
> > So if the developers of the program doesn't sign exactly what had
> > changed because of security issues and what just because of some other
> > reason it can be difficult to make a backport.
>
> so there are two goals:
> - stable has no version bumps but still secure
> - sec issues are solved by version bumps
>
> the problem is when it's up to us to extract the sec patch, and haven't
> done by upstream. this case, we should decide what do we do. a possibly
> rule: "try to extract the secfix from the cvs, etc, but if the patch is
> not provided by upstream, then you are allowed to bump the version in
> -stable" <- how about this?
>
> in this case, the m8r:
> - bumps the package in -current, and in the patch comment mentions what
>   is the situation- upstream patch: yes/no, if yes, the url
> - notify the sec team about there is something to be pulled in -stable
>
> the sec team:
> - applies the patch or bumps the version (no need to search for a patch,
>   it's already done by the m8r)
> - when the fixed packages are uploaded to -stable, then release an
>   advistory
>
> this way the security updates are done by the security team, but it's
> much less work, then doing everything themselves
>
> is this a better proposal? :)
>
> udv / greetings,
> VMiklos
>
> --
> Developer of Frugalware Linux, to make things frugal -
> http://frugalware.org
> _______________________________________________
> Frugalware-devel mailing list
> Frugalware-devel at frugalware.org
> http://frugalware.org/mailman/listinfo/frugalware-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/attachments/20060412/57f7f633/attachment.html

More information about the Frugalware-devel mailing list