| 1 |
On Mon, 12 Jan 2004 10:59:03 -0500 |
| 2 |
"John Davis" <zhen@g.o> wrote: |
| 3 |
|
| 4 |
> The openssl fix was both. The current version of openssl has TEXTREL |
| 5 |
> (static text relocations, compile w/ -fPIC to fix) in it, completely |
| 6 |
> negating the affects of hardening measures such as PaX (Address Space |
| 7 |
> Layout Randomisation). Even when not taking hardened into account, |
| 8 |
> TEXTREL is just not a good thing to have in .so's (see Debian's |
| 9 |
> development policy - they specifically disallow TEXTREL in shared |
| 10 |
> libraries). |
| 11 |
|
| 12 |
Is there a Gentoo bug or GLSA to track this then? In the future can we |
| 13 |
have issues like this brought up sooner? |
| 14 |
|
| 15 |
> Baselayout changes are essential if we want to have working LiveCDs. |
| 16 |
|
| 17 |
However, coming into the last 1.5 weeks or so before release without our |
| 18 |
build tools being fully functional, having to finish writing them, QA |
| 19 |
them as well as the release seems like a rather large and daunting task to |
| 20 |
try to adequately do in the timeframe provided, regardless of which arch |
| 21 |
you are on. |
| 22 |
|
| 23 |
> The purpose of the original release date was to meet LWE, but as it has |
| 24 |
> been mentioned before, it is not crucial to release on that date (the |
| 25 |
> 22nd). Gentoo is fluid, and so are our releases. Release when you can, |
| 26 |
> just try to be as close to the 22nd as you can be. Dates are not as |
| 27 |
> important as QA. |
| 28 |
|
| 29 |
Why can't we have one unified release date for all architectures, rather |
| 30 |
than one or two at a time? |
| 31 |
|
| 32 |
> Your assesment is unfair. Our goal, as well as yours, is to provide |
| 33 |
> excellent QA. If openssl and baselayout need bumped to fix security bugs |
| 34 |
> and CDBOOT problems, fine; we cannot release something that is broken. |
| 35 |
> The issue at hand has absolutely nothing to do with being a non-x86 |
| 36 |
> arch. I am sorry that it takes so long to build, but as I have said, |
| 37 |
> release when you can. No one has got you in a chokehold to release on |
| 38 |
> the 22nd. If you release on the 29th, I do not care. What I do care |
| 39 |
> about is QA. Make sure your release is tested, which I am sure you will |
| 40 |
> do. |
| 41 |
|
| 42 |
Then somewhere we need a release TODO list, that shows each task that |
| 43 |
needs to be completed and what it's current status is. This will allow us |
| 44 |
all to make better and more informed decisions. |
| 45 |
|
| 46 |
I'm not trying to be overly ornery here, I'm just trying to do the best |
| 47 |
job I can. |
| 48 |
|
| 49 |
-- |
| 50 |
Jason Wever |
| 51 |
Gentoo/Sparc Team Co-Lead |
Archives