1 |
begin quote |
2 |
On Tue, 10 Aug 2004 00:01:07 +0000 |
3 |
Kurt Lieber <klieber@g.o> wrote: |
4 |
|
5 |
> One think that I think *everyone* agrees on is that any stable tree |
6 |
> needs to be regularly updated with security fixes. With this in mind, |
7 |
> I'm concerned with trying to maintain multiple separate SYNC modules. |
8 |
> We'd have to upgrade each one with every GLSA, thus doubling or |
9 |
> tripling the amount of CVS work needed each time. |
10 |
|
11 |
Once again, coming from an ISV standpoint where we would have loved to |
12 |
use Gentoo (or, I would, some of the people wouldn't care, and one or |
13 |
two i'd have to beat to make them bend to my will, but whatever ;) |
14 |
|
15 |
We had to scrap both Gentoo -and- Debian stable trees. Why? Because |
16 |
both update the -main- repository when releasing security fixes/ |
17 |
bugfixes. Neither have a stable tree thats archived once and never |
18 |
changes. |
19 |
|
20 |
If you have to actively change a tree (modifications directly into the |
21 |
"frozen" tree) which is the case in many environmens, you get stuck with |
22 |
this problem. if upstream ever changes their tree, work is lost. You can |
23 |
separate local trees and so on, however, once again work is lost when |
24 |
internal revisions have superceeded the ones in the tree. (fex, local |
25 |
changes to sshd to patch ther initscripts and default config files |
26 |
before rollout, which ups the revision of openssh a few times, and then |
27 |
there is a backported securityfix? It won't get merged. ) |
28 |
|
29 |
this is why I'd like to push, once more, for separated "stable" (frozen |
30 |
snapshot basically) and "updates" pushed in a separate repo. If we |
31 |
want others to use this in enterprise, we have to make it easy for them. |
32 |
:-) |
33 |
|
34 |
//Spider |
35 |
|
36 |
|
37 |
|
38 |
-- |
39 |
begin .signature |
40 |
Tortured users / Laughing in pain |
41 |
See Microsoft KB Article Q265230 for more information. |
42 |
end |