1 |
On Wednesday 21 July 2004 16:25, aeriksson@××××××××.fm wrote: |
2 |
> I second that feeling. If what we're trying to achieve is to have a |
3 |
> way to signal to the sysadmins that a security update is present, why |
4 |
> not just add a [S] entry to 'emerge -pv'? |
5 |
|
6 |
Two things. First off, I'd hope to achieve a lot more than just adding a [S] |
7 |
entry to emerge -pv. |
8 |
|
9 |
Secondly, where do you think Portage will get the information from to decide |
10 |
whether or not to add the [S]? Right now, the design of the glsa toolset is |
11 |
to bolt this information onto the side. With XML-based changelogs, the |
12 |
information could be stored where it belongs - in the list of what has |
13 |
changed and why. |
14 |
|
15 |
> That way the community |
16 |
> packaging gentoo can stay on step with the development of the upstream |
17 |
> project (low cost), and the sysadmin was to decide (and take the cost) |
18 |
> for doing the upgrade of his installed packages with security holes. |
19 |
|
20 |
Done well (ie, providing a tool so that devs don't *have* to hack XML files by |
21 |
hand), XML Changelogs should add no extra cost. They would also make |
22 |
third-party GUIs like Porthole and packages.gentoo.org much simpler to write |
23 |
and maintain. |
24 |
|
25 |
Best regards, |
26 |
Stu |
27 |
-- |
28 |
Stuart Herbert stuart@g.o |
29 |
Gentoo Developer http://www.gentoo.org/ |
30 |
http://stu.gnqs.org/diary/ |
31 |
|
32 |
GnuPG key id# F9AFC57C available from http://pgp.mit.edu |
33 |
Key fingerprint = 31FB 50D4 1F88 E227 F319 C549 0C2F 80BA F9AF C57C |
34 |
-- |