| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Jason Wever wrote: |
| 5 |
| |
| 6 |
| Last minute changes like this though seem to be more due to a lack of |
| 7 |
| proper planning than some ultra crucial bug or security fix. |
| 8 |
| |
| 9 |
|
| 10 |
The openssl fix was both. The current version of openssl has TEXTREL |
| 11 |
(static text relocations, compile w/ -fPIC to fix) in it, completely |
| 12 |
negating the affects of hardening measures such as PaX (Address Space |
| 13 |
Layout Randomisation). Even when not taking hardened into account, |
| 14 |
TEXTREL is just not a good thing to have in .so's (see Debian's |
| 15 |
development policy - they specifically disallow TEXTREL in shared |
| 16 |
libraries). |
| 17 |
|
| 18 |
Baselayout changes are essential if we want to have working LiveCDs. |
| 19 |
|
| 20 |
| |
| 21 |
|>I would say that by the end of this week (the 16th), you will be safe to |
| 22 |
|>make a final snapshot. The purpose of this testing week was to identify |
| 23 |
|>things like the openssl problem ;) |
| 24 |
| |
| 25 |
| |
| 26 |
| Then I will not be able to have anything ready to release at LWE, which |
| 27 |
| was the purpose of the original release date. |
| 28 |
| |
| 29 |
|
| 30 |
The purpose of the original release date was to meet LWE, but as it has |
| 31 |
been mentioned before, it is not crucial to release on that date (the |
| 32 |
22nd). Gentoo is fluid, and so are our releases. Release when you can, |
| 33 |
just try to be as close to the 22nd as you can be. Dates are not as |
| 34 |
important as QA. |
| 35 |
|
| 36 |
| Not all architectures can build the components for a release in the time |
| 37 |
| that x86 and faster PPCs can. I know this point comes back up every |
| 38 |
| release cycle, but the behavior does not change. Even on a fast sparc64 |
| 39 |
| box, it'll still take close to a week to build everything (stages, GRP |
| 40 |
| and LiveCD), granted there are no problems. |
| 41 |
| |
| 42 |
| Perhaps I'm unfair in this assessment, but because of repetitive problems |
| 43 |
| like this, I really feel like non-x86 arches are like 2nd class citizens. |
| 44 |
| |
| 45 |
|
| 46 |
Your assesment is unfair. Our goal, as well as yours, is to provide |
| 47 |
excellent QA. If openssl and baselayout need bumped to fix security bugs |
| 48 |
and CDBOOT problems, fine; we cannot release something that is broken. |
| 49 |
The issue at hand has absolutely nothing to do with being a non-x86 |
| 50 |
arch. I am sorry that it takes so long to build, but as I have said, |
| 51 |
release when you can. No one has got you in a chokehold to release on |
| 52 |
the 22nd. If you release on the 29th, I do not care. What I do care |
| 53 |
about is QA. Make sure your release is tested, which I am sure you will do. |
| 54 |
|
| 55 |
Also, if you are really concerned about time, chroot into your stages |
| 56 |
and unpack binary copies built elsewhere of openssl and baselayout. That |
| 57 |
will definitely save you some time. |
| 58 |
|
| 59 |
| |
| 60 |
|>I know this may be frustrating, but hang in there. As far as I know, |
| 61 |
|>openssl and baselayout are the only system packages that are going to be |
| 62 |
|>bumped, and they should both be bumped by Friday (brad willing :) ). |
| 63 |
| |
| 64 |
|
| 65 |
If you have any further questions, please don't hesitate to contact me |
| 66 |
off list. |
| 67 |
|
| 68 |
Cheers, |
| 69 |
//zhen |
| 70 |
|
| 71 |
- -- |
| 72 |
John Davis |
| 73 |
Gentoo Linux Developer |
| 74 |
<http://dev.gentoo.org/~zhen> |
| 75 |
|
| 76 |
- ---- |
| 77 |
Knowledge can be more terrible than ignorance if you're powerless to |
| 78 |
change your world. |
| 79 |
-----BEGIN PGP SIGNATURE----- |
| 80 |
Version: GnuPG v1.2.3 (GNU/Linux) |
| 81 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
| 82 |
|
| 83 |
iD8DBQFAAsRHZlASNRlGLUcRAiCfAJ941qzVJ9p1PrhNJgZJi2Pbj8mkRQCdGdwW |
| 84 |
CbnQz23rPdJs16sSUVJA6Mk= |
| 85 |
=snZt |
| 86 |
-----END PGP SIGNATURE----- |
| 87 |
|
| 88 |
|
| 89 |
-- |
| 90 |
gentoo-releng@g.o mailing list |
Archives