| 1 |
On Wednesday 21 July 2004 16:25, aeriksson@××××××××.fm wrote: |
| 2 |
> I second that feeling. If what we're trying to achieve is to have a |
| 3 |
> way to signal to the sysadmins that a security update is present, why |
| 4 |
> not just add a [S] entry to 'emerge -pv'? |
| 5 |
|
| 6 |
Two things. First off, I'd hope to achieve a lot more than just adding a [S] |
| 7 |
entry to emerge -pv. |
| 8 |
|
| 9 |
Secondly, where do you think Portage will get the information from to decide |
| 10 |
whether or not to add the [S]? Right now, the design of the glsa toolset is |
| 11 |
to bolt this information onto the side. With XML-based changelogs, the |
| 12 |
information could be stored where it belongs - in the list of what has |
| 13 |
changed and why. |
| 14 |
|
| 15 |
> That way the community |
| 16 |
> packaging gentoo can stay on step with the development of the upstream |
| 17 |
> project (low cost), and the sysadmin was to decide (and take the cost) |
| 18 |
> for doing the upgrade of his installed packages with security holes. |
| 19 |
|
| 20 |
Done well (ie, providing a tool so that devs don't *have* to hack XML files by |
| 21 |
hand), XML Changelogs should add no extra cost. They would also make |
| 22 |
third-party GUIs like Porthole and packages.gentoo.org much simpler to write |
| 23 |
and maintain. |
| 24 |
|
| 25 |
Best regards, |
| 26 |
Stu |
| 27 |
-- |
| 28 |
Stuart Herbert stuart@g.o |
| 29 |
Gentoo Developer http://www.gentoo.org/ |
| 30 |
http://stu.gnqs.org/diary/ |
| 31 |
|
| 32 |
GnuPG key id# F9AFC57C available from http://pgp.mit.edu |
| 33 |
Key fingerprint = 31FB 50D4 1F88 E227 F319 C549 0C2F 80BA F9AF C57C |
| 34 |
-- |
Archives