Jan Meier wrote:
> On Wednesday 16 August 2006 15:12, Paul Kölle wrote:
>> Jan Meier wrote:
>>> I would be willing to start such a stable tree, I am thinking of taking a
>>> current portage tree, delete all ~arch ebuilds and create an overlay.
>>> Every time a security announcement is fired up I will add the newer
>>> ebuild to the overlay, checking for any really needed dependencies.
>> ~arch doesn't hurt, so the main difference to glsa-check+standard tree
>> would be old ebuilds not being deleted right?
>
> No, the advantage would be that new ebuilds would not come into the portage
> tree. Only security relevant ebuilds, formerly which fix security holes,
> would come into the tree (kernel, php, mysql, apache, etc. should not be
> stopped from entering the portage tree).
Sorry, I don't get it. Why are you concerned about packages in the tree
you don't use? Is it about space savings?
|
> This has the advantage that there would be fewer packages to update when the
> system has to be updated. And if there are security relevant updates there
> would not be as many dependency updates as with the normal tree.
The depgraph of a bumped package does not depend on being bumped due to
a GLSA or not. If you only use glsa-check, you will get GLSA triggered
upgrades only and glsa-check will emerge the lowest safe version
possible. Keeping old versions around is sufficient to prevent unneeded
upgrades. If you want something like "emerge -u --stable world", well
then you would need a dedicated tree for --stable but that's way more
work than just deleting ~arch ebuilds you wouldn't use anyway.
|
>
> Take a look here:
> http://www.gentoo.org/proj/en/glep/glep-0019.html
This GLEP talks about a "stable tree" which conforms to some "higher"
QA standards than <arch> but I haven't seen much work here. Portage does
not support the "stable:<arch>" syntax and there is no sign Gentoo devs
can handle those "higher QA" currently (see my comments on backporting
and missing separate security patches upstream).
|
cheers
Paul
--
gentoo-server@g.o mailing list