| 1 |
Jan Meier wrote: |
| 2 |
> Am Mittwoch 16 August 2006 15:12 schrieb Paul Kölle: |
| 3 |
>> Jan Meier wrote: |
| 4 |
>>> I would be willing to start such a stable tree, I am thinking of taking a |
| 5 |
>>> current portage tree, delete all ~arch ebuilds and create an overlay. |
| 6 |
>>> Every time a security announcement is fired up I will add the newer |
| 7 |
>>> ebuild to the overlay, checking for any really needed depencies. |
| 8 |
>> ~arch doesn't hurt, so the main difference to glsa-check+standard tree |
| 9 |
>> would be old ebuilds not being deleted right? |
| 10 |
> |
| 11 |
> No, the advantage would be that new ebuilds would not come into the portage |
| 12 |
> tree. Only security relevant ebuilds, formerly which fix security holes, |
| 13 |
> would come into the tree (kernel, php, mysql, apache, etc. should not be |
| 14 |
> stopped from entering the portage tree). |
| 15 |
Sorry, I don't get it. Why are you concerned about packages in the tree |
| 16 |
you don't use? Is it about space savings? |
| 17 |
|
| 18 |
> This has the advantage that there would be less packages to update when the |
| 19 |
> system has to be updated. And if there are security relevant updates there |
| 20 |
> would not be as much dependency updates as with the normal tree. |
| 21 |
The depgraph of a bumped package does not depend on being bumped due to |
| 22 |
a GLSA or not. If you only use glsa-check, you will get GLSA triggered |
| 23 |
upgrades only and glsa-check will emerge the lowest safe version |
| 24 |
possible. Keeping old versions around is sufficient to prevent unneeded |
| 25 |
upgrades. If you want something like "emerge -u --stable world", well |
| 26 |
then you would need a dedicated tree for --stable but thats way more |
| 27 |
work than just deleting ~arch ebuilds you wouldn't use anyway. |
| 28 |
|
| 29 |
> |
| 30 |
> Take a look here: |
| 31 |
> http://www.gentoo.org/proj/en/glep/glep-0019.html |
| 32 |
This glep talkes about a "stable tree" which conforms to some "higher" |
| 33 |
QA standars than <arch> but I haven't seen much work here. Portage does |
| 34 |
not support the "stable:<arch>" syntax and there is no sign gentoo devs |
| 35 |
can handle those "higher QA" currently (see my comments on backporting |
| 36 |
and missing seperate security patches upstream). |
| 37 |
|
| 38 |
cheers |
| 39 |
Paul |
| 40 |
-- |
| 41 |
gentoo-server@g.o mailing list |
Archives