1 |
On Mon, Feb 02, 2004 at 07:22:42PM +0100 or thereabouts, Olivier Cr?te wrote: |
2 |
> A few details.. I find '~stable:<arch>' a bit odd.. "unstable stable" |
3 |
|
4 |
~masked ebuilds are not "unstable". They are "untested". Same thing here. |
5 |
|
6 |
> Maybe one year is still too short? I'd propose a much longer period (3 |
7 |
> years), I understand that this is a lot of work for the infrastructure, |
8 |
> but even at 3 years, its max 12 ebuilds per package... |
9 |
|
10 |
I don't object to making it longer, although I think 3 years is sort of |
11 |
extreme. |
12 |
|
13 |
Also, this GLEP does not talk about, nor do I personally have any interest |
14 |
in, trying to back-port fixes from new packages to versions that are 3 |
15 |
years old. As it stands with this GLEP, if the upstream maintainer decides |
16 |
to fix a security vulnerability by releasing a new version, we will most |
17 |
likely force people to upgrade that package to get that fix. If the Gentoo |
18 |
package maintainer wants to back-port, that's his/her business. However, |
19 |
there are no provisions made in this GLEP for specifically back-porting |
20 |
things to packages in the ~stable tree. |
21 |
|
22 |
> And there should be an easy way to stay on an old release and just |
23 |
> update security fixes... |
24 |
|
25 |
That is planned as part of this GLEP. Currently, the proposed duration is |
26 |
12 months. If enough people want a longer duration, and the devs don't |
27 |
mind committing to supporting a release for that long, then fine. |
28 |
|
29 |
> And also, there should be a small team that |
30 |
> controls access to that tree in between releases. To make sure that only |
31 |
> essential stuff is committed and that enough QA is done.. |
32 |
|
33 |
The purpose of this GLEP is just to establish a separate tree. If the QA |
34 |
team later wants to impose more strict requirements on access to the tree, |
35 |
that's certainly something I would personally support. |
36 |
|
37 |
--kurt |