| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Olivier Crete wrote: |
| 5 |
|
| 6 |
| On Wed, 2004-07-21 at 16:00 -0400, Chris Gianelloni wrote: |
| 7 |
|
| 8 |
|>I can see how profiles could be used to accomplish this sort of thing, |
| 9 |
|>but pinning of versions would not be the way to go about it. |
| 10 |
| |
| 11 |
| |
| 12 |
| I agree |
| 13 |
|
| 14 |
I second that, profiles seem like something that is far to static to work well |
| 15 |
with security updates and allowing site admins to upgrade specific packages if |
| 16 |
they choose to do so. |
| 17 |
| |
| 18 |
| |
| 19 |
| |
| 20 |
|>For simplicity, I'm going to name everything, but none of this is set in |
| 21 |
|>stone. For one, the "gentoo-x86" CVS module would be come |
| 22 |
|>"gentoo-current", as it reflects the actual usage and state of the |
| 23 |
|>tree. The profiles in the current tree would have their versions |
| 24 |
|>removed, as this is a fluid target. This matches our current tree the |
| 25 |
|>best, and allows for us to make dynamic changes to the profiles between |
| 26 |
|>releases. For example, default-x86-2005.0 (or |
| 27 |
|>default-linux/x86/2005.0), would become default-linux/x86/current. Each |
| 28 |
|>release tree would be identified as such. I'm going to work with |
| 29 |
|>cascading profiles, to make my life easier. At release time, a branch |
| 30 |
|>is made for the release. We would take the stable ebuilds/packages from |
| 31 |
|>gentoo-current and drop it into gentoo-2005.0-release and a new profile |
| 32 |
|>default-linux/x86/2005.0 would be created. This profile would never |
| 33 |
|>change. If there were multiple sets of stages created, such as the |
| 34 |
|>amd64 release for 2004.2, which will have both gcc 3.3 and gcc 3.4 |
| 35 |
|>stages, a sub-profile would be created, |
| 36 |
|>default-linux/amd64/2005.0/gcc34. |
| 37 |
|> |
| 38 |
|>At this point, the -release tree is turned over to -releng and the arch |
| 39 |
|>leads/maintainers for preparation for the impending release. If changes |
| 40 |
|>are needed that only affect the LiveCD/GRP, they go into the tree |
| 41 |
|>directly. If changes are needed that affect the package as a whole, the |
| 42 |
|>package maintainer is contacted, and the package is fixed in both the |
| 43 |
|>-current and -release trees. At some point, the tree is frozen and a |
| 44 |
|>snapshot is made. This becomes the official snapshot for that release. |
| 45 |
|>A new rsync mirror set is created for the tree, and the make.globals |
| 46 |
|>SYNC is set to that new rsync mirror, |
| 47 |
|>rsync://rsync.gentoo.org/gentoo-2005.0-release/. The stages/LiveCD/GRP |
| 48 |
|>is built for the release, and everything is golden. The things that are |
| 49 |
|>marked as "stable" are never changed via rsync in this tree, as they are |
| 50 |
|>the unchanging base. The release is made, the planets align, and there |
| 51 |
|>is peace for a thousand generations... |
| 52 |
| |
| 53 |
| |
| 54 |
| I like the idea of a separate tree.. But if it really rarely changes, |
| 55 |
| rsync is just overkill and will overburden our mirrors.. Lets just make |
| 56 |
| it a tarball and put the enhancements in a rsync'ed overlay. Rsync is |
| 57 |
| for stuff that changes... |
| 58 |
|
| 59 |
I also like the seperate trees. And splitting out the base system into a |
| 60 |
tarball and putting only updates in the rsync tree is certainly doable. |
| 61 |
However, dividing out between a release tarball and synced updates begins to |
| 62 |
distroy the elegence that only switching a portage tree has. I don't really |
| 63 |
see why using rsync will overburden the mirrors any more than they are now. |
| 64 |
Afterall, currently everyone has to rsync. If it is so important to use |
| 65 |
tarballs maybe it would work to just provide update snapshots that can be |
| 66 |
downloaded and inserted into the existing tree. Snapshots could be done by |
| 67 |
either grabbing the whole tree or just include new or updated ebuilds. Basicly |
| 68 |
it would be encouraging enerprise users to use emerge-webrsync instead of |
| 69 |
emerge sync. Personally though, I don't think avoiding rsync would really help |
| 70 |
that much. |
| 71 |
| |
| 72 |
| |
| 73 |
| |
| 74 |
|>...until disaster strikes and a package has a security vulnerability. |
| 75 |
|>At this point, the package is patched, a GLSA is released, and the new |
| 76 |
|>ebuild goes into the tree as ~arch. You will notice that I have left |
| 77 |
|>out the whole "who does the updates" part of this and there is a good |
| 78 |
|>reason for it. I haven't got a clue. This would need to be decided by |
| 79 |
|>interest. After all, many people are not going to be very excited about |
| 80 |
|>applying patches to old versions of software, and that's ok. |
| 81 |
|>*** This is the weakness in not only my plan, but ANY "Enterprise |
| 82 |
|>Gentoo" plan *** |
| 83 |
|
| 84 |
Who maintains the old trees is a pretty big issue. Is this more serious than |
| 85 |
just determining how many releases to support and will actually limit how |
| 86 |
'enterprise' like enterprise gentoo will be? There have been a far range of |
| 87 |
needs that could be addressed. Can gentoo do it all or just rehash fancy ways |
| 88 |
of doing `glsa-check`? |
| 89 |
| |
| 90 |
| |
| 91 |
| This overlays should probably each have their own cvs module (or all be |
| 92 |
| directories under the same module, I dont really care... Where all |
| 93 |
| package maintainers would have access.. And then we can mark them stable |
| 94 |
| using the same kind of procedures we currently use for GLSAs... |
| 95 |
| |
| 96 |
| Also, the problem with maintaining older versions is that we need to |
| 97 |
| have at least one machine available for each version where the concerned |
| 98 |
| devs can test security updates.. Ok, maybe at least one per |
| 99 |
| architectures using chroots... but its still a lot of infrastructure.. |
| 100 |
| That's why reducing the number of stable releases to maybe even just one |
| 101 |
| a year might be a good idea. |
| 102 |
| |
| 103 |
| |
| 104 |
| |
| 105 |
|
| 106 |
|
| 107 |
- -- |
| 108 |
Michael Marineau |
| 109 |
marineam@×××××××××.edu |
| 110 |
Oregon State University |
| 111 |
-----BEGIN PGP SIGNATURE----- |
| 112 |
Version: GnuPG v1.2.4 (GNU/Linux) |
| 113 |
|
| 114 |
iD8DBQFA/uawiP+LossGzjARAmYbAJ4sswV9auaRqQAm+sADGL4lTXK90ACeMPIU |
| 115 |
3aZUzSmnBx5XAQBfbwh5OBY= |
| 116 |
=YC3k |
| 117 |
-----END PGP SIGNATURE----- |
| 118 |
|
| 119 |
-- |
| 120 |
gentoo-dev@g.o mailing list |
Archives