| 1 |
Stuart Herbert wrote: |
| 2 |
> On 11/29/06, Andrew Gaffney <agaffney@g.o> wrote: |
| 3 |
>> The 3-4 weeks of releng filing a ton of "doesn't build with gcc-4.1.1" |
| 4 |
>> bugs |
| 5 |
>> wasn't a big enough clue? :) |
| 6 |
> |
| 7 |
> No. We get those all the time; there's always someone trying out an |
| 8 |
> unsupported release of gcc. |
| 9 |
|
| 10 |
From other developers, most of which were releng members? |
| 11 |
|
| 12 |
>> Also, the arch teams (or at least the arch's |
| 13 |
>> release coordinator...if they didn't tell the rest of their team, |
| 14 |
>> that's not |
| 15 |
>> releng's fault) that were moving to it and people in base-system |
| 16 |
>> working on it |
| 17 |
>> were "in the know". |
| 18 |
> |
| 19 |
> What about everyone else, who isn't part of an arch team? Sorry, but |
| 20 |
> I just don't get how you expected us to know it was coming, when you |
| 21 |
> didn't announce it, and you don't even feel that an announcement was |
| 22 |
> your (releng's) responsibility (even though stabilisation of gcc-4.1 |
| 23 |
> was for you). |
| 24 |
|
| 25 |
It's stupid to "blame" releng for the stabilization of gcc-4.1.1. It would have |
| 26 |
been stabilized soon as part of the normal process of package maintenance |
| 27 |
whether releng wanted it or not. And really, it was up to each arch to say they |
| 28 |
wanted it for the release, not releng. We didn't force it on people. |
| 29 |
|
| 30 |
And as always, if you wanted to know what was going on as part of the release, |
| 31 |
the info was there for everyone to see in the usual places (such as the |
| 32 |
gentoo-releng mailing list or the #gentoo-releng IRC channel). This argument |
| 33 |
about people not knowing what releng is doing seems to come up after every |
| 34 |
release. It's crap. |
| 35 |
|
| 36 |
>> Yes, that's part of wolf31o2's idea. The tree would be "non-moving" |
| 37 |
>> except for |
| 38 |
>> GLSA's and any dependencies required by the updated version of the |
| 39 |
>> security-affected package. |
| 40 |
> |
| 41 |
> How are you going to ensure that all the security fixes that never get |
| 42 |
> a GLSA get into the tree? |
| 43 |
|
| 44 |
If it doesn't get a GLSA, it doesn't get in the release tree. This may mean that |
| 45 |
we need to modify the GLSA process a bit so that ~arch packages found to be |
| 46 |
vulnerable get GLSAs as well. Although, release tree users won't have these |
| 47 |
~arch versions anyway, so I don't see it being *that* big of an issue. |
| 48 |
|
| 49 |
>> A slower-moving (or "non-moving" with security updates) tree is |
| 50 |
>> perfect for me, |
| 51 |
>> and I'm sure for many other people as well. |
| 52 |
> |
| 53 |
> Before you release these trees to users, I trust you'll be doing the |
| 54 |
> responsible thing, and ensuring that upgrades from one tree to the |
| 55 |
> next work? You can't take that for granted; package maintainers |
| 56 |
> cannot be relied upon to test upgrades spanning that length of time. |
| 57 |
> (Which is why upgrade early, upgrade often is a practical way to |
| 58 |
> manage Gentoo boxes) |
| 59 |
|
| 60 |
Absolutely, it would be stupid to release it to users without testing that the |
| 61 |
upgrade path is even feasible. However, we can't test the upgrade with *all* |
| 62 |
packages in the tree, but we can certainly do it with certain "profiles" (gnome |
| 63 |
desktop, kde desktop, LAMP server, etc.) to try to cover as many bases as |
| 64 |
possible. This testing can be easily scripted. |
| 65 |
|
| 66 |
-- |
| 67 |
Andrew Gaffney http://dev.gentoo.org/~agaffney/ |
| 68 |
Gentoo Linux Developer Installer Project |
| 69 |
Today's lesson in political correctness: "Go asphyxiate on a phallus" |
| 70 |
-- |
| 71 |
gentoo-dev@g.o mailing list |
Archives