1 |
On 11/29/06, Andrew Gaffney <agaffney@g.o> wrote: |
2 |
> From other developers, most of which were releng members? |
3 |
|
4 |
I get most of mine from users, who are normally kind enough to submit |
5 |
the required patches at the same time. |
6 |
|
7 |
> It's stupid to "blame" releng for the stabilization of gcc-4.1.1. We didn't force |
8 |
> it on people. |
9 |
|
10 |
You're responsible for it being stabilised when it was. It's |
11 |
disappointing that you choose to disavow all responsibility for that |
12 |
happening. |
13 |
|
14 |
I'm not arguing that gcc-4.1 shouldn't have been stabilised at some |
15 |
point in time (although the performance penalty it introduces is a |
16 |
shame). I'm just pointing out a flaw with the idea that the releng |
17 |
snapshots are fit for the purpose of being a non-moving tree for our |
18 |
users. |
19 |
|
20 |
> And as always, if you wanted to know what was going on as part of the release, |
21 |
> the info was there for everyone to see in the usual places (such as the |
22 |
> gentoo-releng mailing list or the #gentoo-releng IRC channel). This argument |
23 |
> about people not knowing what releng is doing seems to come up after every |
24 |
> release. It's crap. |
25 |
|
26 |
I don't agree with you, sorry. |
27 |
|
28 |
Releng members in the past have complained about not knowing what is |
29 |
going on elsewhere in Gentoo; they have _specifically_ complained |
30 |
because information was not _actively_ sent in their direction. But, |
31 |
when the point is raised in the opposite direction, your answer is |
32 |
"it's crap". |
33 |
|
34 |
I'm left very disappointed by that. |
35 |
|
36 |
> If it doesn't get a GLSA, it doesn't get in the release tree. This may mean that |
37 |
> we need to modify the GLSA process a bit so that ~arch packages found to be |
38 |
> vulnerable get GLSAs as well. Although, release tree users won't have these |
39 |
> ~arch versions anyway, so I don't see it being *that* big of an issue. |
40 |
|
41 |
It would be worth checking to make sure that all security bugs for all |
42 |
stable packages get GLSAs first. I don't know whether they do or they |
43 |
don't. |
44 |
|
45 |
> Absolutely, it would be stupid to release it to users without testing that the |
46 |
> upgrade path is even feasible. However, we can't test the upgrade with *all* |
47 |
> packages in the tree, but we can certainly do it with certain "profiles" (gnome |
48 |
> desktop, kde desktop, LAMP server, etc.) to try to cover as many bases as |
49 |
> possible. This testing can be easily scripted. |
50 |
|
51 |
Cool. |
52 |
|
53 |
Best regards, |
54 |
Stu |
55 |
-- |
56 |
gentoo-dev@g.o mailing list |