| 1 |
Anthony G. Basile posted on Tue, 20 Oct 2015 05:34:33 -0400 as excerpted: |
| 2 |
|
| 3 |
> On 10/20/15 4:45 AM, Rich Freeman wrote: |
| 4 |
>> On Tue, Oct 20, 2015 at 4:23 AM, Daniel Campbell <zlg@g.o> |
| 5 |
>> wrote: |
| 6 |
>>> However, does this mean the hardened kernel package must stay in ~arch |
| 7 |
>>> since it's technically the testing version? Or would we keyword it |
| 8 |
>>> based on our own findings of stability? |
| 9 |
>> I'd recommend that the team does whatever adds the most value. If it |
| 10 |
>> doesn't want to do QA on released versions then I suggest it all stay |
| 11 |
>> as ~arch. If you're going to do your own QA I don't see why you can't |
| 12 |
>> mark versions as stable - just make it clear to users what stable |
| 13 |
>> means. |
| 14 |
>> |
| 15 |
>> BTW, while they're only tracking the most recent stable branch of the |
| 16 |
>> kernel, they ARE tracking a stable branch, and not mainline. |
| 17 |
>> |
| 18 |
> I have been marking hardened-sources based on the grsecurity testing |
| 19 |
> patches as stable since forever and will continue with the same |
| 20 |
> practice. "Testing" means they add new features there first and those |
| 21 |
> new features can break stuff. We identify breakage in bug reports and |
| 22 |
> hold back to versions that are known to work until upstream fixes the |
| 23 |
> broken features. It works pretty good in practices and most users of |
| 24 |
> hardened-sources already know this. What they may not know is that the |
| 25 |
> 3.x is no longer public. |
| 26 |
|
| 27 |
And FWIW, ~arch vs stable in gentoo has always been relative not |
| 28 |
necessarily to what upstream considers testing vs stable, but rather, to |
| 29 |
the general stability of the ebuild (and patches, etc) specifically in |
| 30 |
/gentoo/. |
| 31 |
|
| 32 |
Of course there has been quite some maintainer leeway in that, and often |
| 33 |
the maintainer will choose to follow upstream stability guidance when |
| 34 |
choosing versions to stabilize, but that isn't necessarily the case. |
| 35 |
Strictly speaking, it has /always/ been about gentoo-level, not upstream- |
| 36 |
level, stability. |
| 37 |
|
| 38 |
So particularly in cases like this where upstream official testing is all |
| 39 |
that upstream makes available, any gentoo stable indicator must /clearly/ |
| 40 |
be based on gentoo-level stability, /maybe/ based partly on the opinions |
| 41 |
of other distros shipping it, but obviously not based on upstream's |
| 42 |
classification, since they don't even make a stable classified version |
| 43 |
available to the general FLOSS community. |
| 44 |
|
| 45 |
-- |
| 46 |
Duncan - List replies preferred. No HTML msgs. |
| 47 |
"Every nonfree program has a lord, a master -- |
| 48 |
and if you use the program, he is your master." Richard Stallman |
Archives