1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
Olivier Crete wrote: |
5 |
|
6 |
| On Wed, 2004-07-21 at 16:00 -0400, Chris Gianelloni wrote: |
7 |
|
8 |
|>I can see how profiles could be used to accomplish this sort of thing, |
9 |
|>but pinning of versions would not be the way to go about it. |
10 |
| |
11 |
| |
12 |
| I agree |
13 |
|
14 |
I second that, profiles seem like something that is far to static to work well |
15 |
with security updates and allowing site admins to upgrade specific packages if |
16 |
they choose to do so. |
17 |
| |
18 |
| |
19 |
| |
20 |
|>For simplicity, I'm going to name everything, but none of this is set in |
21 |
|>stone. For one, the "gentoo-x86" CVS module would be come |
22 |
|>"gentoo-current", as it reflects the actual usage and state of the |
23 |
|>tree. The profiles in the current tree would have their versions |
24 |
|>removed, as this is a fluid target. This matches our current tree the |
25 |
|>best, and allows for us to make dynamic changes to the profiles between |
26 |
|>releases. For example, default-x86-2005.0 (or |
27 |
|>default-linux/x86/2005.0), would become default-linux/x86/current. Each |
28 |
|>release tree would be identified as such. I'm going to work with |
29 |
|>cascading profiles, to make my life easier. At release time, a branch |
30 |
|>is made for the release. We would take the stable ebuilds/packages from |
31 |
|>gentoo-current and drop it into gentoo-2005.0-release and a new profile |
32 |
|>default-linux/x86/2005.0 would be created. This profile would never |
33 |
|>change. If there were multiple sets of stages created, such as the |
34 |
|>amd64 release for 2004.2, which will have both gcc 3.3 and gcc 3.4 |
35 |
|>stages, a sub-profile would be created, |
36 |
|>default-linux/amd64/2005.0/gcc34. |
37 |
|> |
38 |
|>At this point, the -release tree is turned over to -releng and the arch |
39 |
|>leads/maintainers for preparation for the impending release. If changes |
40 |
|>are needed that only affect the LiveCD/GRP, they go into the tree |
41 |
|>directly. If changes are needed that affect the package as a whole, the |
42 |
|>package maintainer is contacted, and the package is fixed in both the |
43 |
|>-current and -release trees. At some point, the tree is frozen and a |
44 |
|>snapshot is made. This becomes the official snapshot for that release. |
45 |
|>A new rsync mirror set is created for the tree, and the make.globals |
46 |
|>SYNC is set to that new rsync mirror, |
47 |
|>rsync://rsync.gentoo.org/gentoo-2005.0-release/. The stages/LiveCD/GRP |
48 |
|>is built for the release, and everything is golden. The things that are |
49 |
|>marked as "stable" are never changed via rsync in this tree, as they are |
50 |
|>the unchanging base. The release is made, the planets align, and there |
51 |
|>is peace for a thousand generations... |
52 |
| |
53 |
| |
54 |
| I like the idea of a separate tree.. But if it really rarely changes, |
55 |
| rsync is just overkill and will overburden our mirrors.. Lets just make |
56 |
| it a tarball and put the enhancements in a rsync'ed overlay. Rsync is |
57 |
| for stuff that changes... |
58 |
|
59 |
I also like the seperate trees. And splitting out the base system into a |
60 |
tarball and putting only updates in the rsync tree is certainly doable. |
61 |
However, dividing out between a release tarball and synced updates begins to |
62 |
distroy the elegence that only switching a portage tree has. I don't really |
63 |
see why using rsync will overburden the mirrors any more than they are now. |
64 |
Afterall, currently everyone has to rsync. If it is so important to use |
65 |
tarballs maybe it would work to just provide update snapshots that can be |
66 |
downloaded and inserted into the existing tree. Snapshots could be done by |
67 |
either grabbing the whole tree or just include new or updated ebuilds. Basicly |
68 |
it would be encouraging enerprise users to use emerge-webrsync instead of |
69 |
emerge sync. Personally though, I don't think avoiding rsync would really help |
70 |
that much. |
71 |
| |
72 |
| |
73 |
| |
74 |
|>...until disaster strikes and a package has a security vulnerability. |
75 |
|>At this point, the package is patched, a GLSA is released, and the new |
76 |
|>ebuild goes into the tree as ~arch. You will notice that I have left |
77 |
|>out the whole "who does the updates" part of this and there is a good |
78 |
|>reason for it. I haven't got a clue. This would need to be decided by |
79 |
|>interest. After all, many people are not going to be very excited about |
80 |
|>applying patches to old versions of software, and that's ok. |
81 |
|>*** This is the weakness in not only my plan, but ANY "Enterprise |
82 |
|>Gentoo" plan *** |
83 |
|
84 |
Who maintains the old trees is a pretty big issue. Is this more serious than |
85 |
just determining how many releases to support and will actually limit how |
86 |
'enterprise' like enterprise gentoo will be? There have been a far range of |
87 |
needs that could be addressed. Can gentoo do it all or just rehash fancy ways |
88 |
of doing `glsa-check`? |
89 |
| |
90 |
| |
91 |
| This overlays should probably each have their own cvs module (or all be |
92 |
| directories under the same module, I dont really care... Where all |
93 |
| package maintainers would have access.. And then we can mark them stable |
94 |
| using the same kind of procedures we currently use for GLSAs... |
95 |
| |
96 |
| Also, the problem with maintaining older versions is that we need to |
97 |
| have at least one machine available for each version where the concerned |
98 |
| devs can test security updates.. Ok, maybe at least one per |
99 |
| architectures using chroots... but its still a lot of infrastructure.. |
100 |
| That's why reducing the number of stable releases to maybe even just one |
101 |
| a year might be a good idea. |
102 |
| |
103 |
| |
104 |
| |
105 |
|
106 |
|
107 |
- -- |
108 |
Michael Marineau |
109 |
marineam@×××××××××.edu |
110 |
Oregon State University |
111 |
-----BEGIN PGP SIGNATURE----- |
112 |
Version: GnuPG v1.2.4 (GNU/Linux) |
113 |
|
114 |
iD8DBQFA/uawiP+LossGzjARAmYbAJ4sswV9auaRqQAm+sADGL4lTXK90ACeMPIU |
115 |
3aZUzSmnBx5XAQBfbwh5OBY= |
116 |
=YC3k |
117 |
-----END PGP SIGNATURE----- |
118 |
|
119 |
-- |
120 |
gentoo-dev@g.o mailing list |