I have been emailing the published addresses for GLEP 19 for 2 months now
with no success. I am very interested in any ideas or projects that might
help gentoo be more server friendly, in an "enterprise" environment, for
lack of a better term.
I have an idea towards "stabilizing" portage for production environments,
but I am not knowledgeable enough about portage to know if it would even be
plausible. If this is the wrong place to ask this, please feel free to
point me in a better direction.
Basically, add a new value for "FEATURES". For lack of a better name, call
If this flag is present in make.conf:
1) emerge --sync does only updates, not deletes (don't ditch old ebuilds).
2) Implement a new revision numbering scheme for ebuilds, -sX. Similar to
-rX, but for glsa updates only. It could be an abbreviation for sticky,
security, or stable, whatever you want.
For example if I am currently running mysql-4.0.25, the only candidate an
emerge -u would consider would be mysql-4.0.25-s1, mysql-4.0.25-s2, etc....
In other words, emerge considers only -sX in its upgrade calculations,
instead of -rX, and only considers the same version.
3) Package maintainers could create duplicate ebuilds for security-only
related revisions to packages, some other team could maintain them, this be
somehow automated, or this could be left up to the users to maintain
through their own overlays. My idea is fuzzy here...
4) In cases where a vulnerability exists that can only be addressed by
bumping up to the next version, leave it up to the user to upgrade to it
manually (FEATURES="-sticky" emerge -u mysql).