| 1 |
On 11/29/06, Andrew Gaffney <agaffney@g.o> wrote: |
| 2 |
> From other developers, most of which were releng members? |
| 3 |
|
| 4 |
I get most of mine from users, who are normally kind enough to submit |
| 5 |
the required patches at the same time. |
| 6 |
|
| 7 |
> It's stupid to "blame" releng for the stabilization of gcc-4.1.1. We didn't force |
| 8 |
> it on people. |
| 9 |
|
| 10 |
You're responsible for it being stabilised when it was. It's |
| 11 |
disappointing that you choose to disavow all responsibility for that |
| 12 |
happening. |
| 13 |
|
| 14 |
I'm not arguing that gcc-4.1 shouldn't have been stabilised at some |
| 15 |
point in time (although the performance penalty it introduces is a |
| 16 |
shame). I'm just pointing out a flaw with the idea that the releng |
| 17 |
snapshots are fit for the purpose of being a non-moving tree for our |
| 18 |
users. |
| 19 |
|
| 20 |
> And as always, if you wanted to know what was going on as part of the release, |
| 21 |
> the info was there for everyone to see in the usual places (such as the |
| 22 |
> gentoo-releng mailing list or the #gentoo-releng IRC channel). This argument |
| 23 |
> about people not knowing what releng is doing seems to come up after every |
| 24 |
> release. It's crap. |
| 25 |
|
| 26 |
I don't agree with you, sorry. |
| 27 |
|
| 28 |
Releng members in the past have complained about not knowing what is |
| 29 |
going on elsewhere in Gentoo; they have _specifically_ complained |
| 30 |
because information was not _actively_ sent in their direction. But, |
| 31 |
when the point is raised in the opposite direction, your answer is |
| 32 |
"it's crap". |
| 33 |
|
| 34 |
I'm left very disappointed by that. |
| 35 |
|
| 36 |
> If it doesn't get a GLSA, it doesn't get in the release tree. This may mean that |
| 37 |
> we need to modify the GLSA process a bit so that ~arch packages found to be |
| 38 |
> vulnerable get GLSAs as well. Although, release tree users won't have these |
| 39 |
> ~arch versions anyway, so I don't see it being *that* big of an issue. |
| 40 |
|
| 41 |
It would be worth checking to make sure that all security bugs for all |
| 42 |
stable packages get GLSAs first. I don't know whether they do or they |
| 43 |
don't. |
| 44 |
|
| 45 |
> Absolutely, it would be stupid to release it to users without testing that the |
| 46 |
> upgrade path is even feasible. However, we can't test the upgrade with *all* |
| 47 |
> packages in the tree, but we can certainly do it with certain "profiles" (gnome |
| 48 |
> desktop, kde desktop, LAMP server, etc.) to try to cover as many bases as |
| 49 |
> possible. This testing can be easily scripted. |
| 50 |
|
| 51 |
Cool. |
| 52 |
|
| 53 |
Best regards, |
| 54 |
Stu |
| 55 |
-- |
| 56 |
gentoo-dev@g.o mailing list |
Archives