1 |
On Sun, 22 Jan 2006 10:25:37 -0600 |
2 |
Mikey <mikey@×××××××××××.com> wrote: |
3 |
|
4 |
> On Saturday 21 January 2006 22:39, Marius Mauch wrote: |
5 |
> |
6 |
> > Check the archives for gentoo-dev and gentoo-server, several |
7 |
> > implementation plans have been presented in the not-so-distant past. |
8 |
> > However everyone seems to have a slightly different goal he wants to |
9 |
> > achieve, so maybe the best would be for people to make their goals |
10 |
> > very clear. |
11 |
> |
12 |
> I have checked the archives of gentoo-dev, gentoo-server, and have |
13 |
> researched everything I can find about glep 19. I have come to the |
14 |
> conclusion that those "projects" are the /dev/null of gentoo |
15 |
> projects. Post a request somewhere - "hey, check out glep 19, wink |
16 |
> wink". |
17 |
|
18 |
Well, posting YAIP (yet another implementation plan) won't really help |
19 |
either. |
20 |
|
21 |
> Let me make my goal clear. I would like to see some simple features |
22 |
> added that does not require disruption of current usage, future |
23 |
> plans, or require massive changes. I am not interested in reviving |
24 |
> dead projects or loft goals. |
25 |
|
26 |
Don't see the goal here, just the constraints. Are you after a |
27 |
non-moving tree, a tree with just security fixes, visibility filters in |
28 |
portage, a new `emerge moo` graphics, ... ? |
29 |
|
30 |
> > No point, would rather add a RSYNC_OPTS var finally instead, which |
31 |
> > gives the same functionality (and much more). |
32 |
> |
33 |
> If that would work, great. Not sure how rsync handles |
34 |
> ordering/precedence of conflicting options, now or in the future. |
35 |
> Also not sure how the environment may or may not be manipulated in |
36 |
> the future by emerge itself. Right now the options are hard-coded |
37 |
> into emerge, the simplest place to change it in my mind is right |
38 |
> there where it happens... |
39 |
|
40 |
Yeah, RSYNC_OPTIONS would remove all that hardcoded stuff and put it in |
41 |
make.globals instead. |
42 |
|
43 |
> > > 2) Implement a new revision numbering scheme for ebuilds, -sX. |
44 |
> > > Similar to -rX, but for glsa updates only. It could be an |
45 |
> > > abbreviation for sticky, security, or stable, whatever you want. |
46 |
> > > |
47 |
> > > For example if I am currently running mysql-4.0.25, the only |
48 |
> > > candidate an emerge -u would consider would be mysql-4.0.25-s1, |
49 |
> > > mysql-4.0.25-s2, etc.... In other words, emerge considers only |
50 |
> > > -sX in its upgrade calculations, instead of -rX, and only |
51 |
> > > considers the same version. |
52 |
> > |
53 |
> > No way. No visible benefit (you know about glep 14 / glsacheck, |
54 |
> > right?) and tons of issues (redundant ebuilds, ordering |
55 |
> > screwups, ...) |
56 |
> |
57 |
> Yes, I am aware of glsacheck. How long has it been in testing? |
58 |
> Every time I try it I get inconsistent results. Something about |
59 |
> "WARNING: This tool is completely new and not very tested, so it |
60 |
> should not be used on production systems. " kind of makes me hesitate |
61 |
> to use it. |
62 |
|
63 |
I removed the warning in gentoolkit-2.1 (wanted to do that for quite |
64 |
some, just didn't get around to do it). What kind of inconsistent |
65 |
results are you speaking of? |
66 |
|
67 |
> As far as redundant ebuilds and ordering screwups. If you change |
68 |
> line 3173 of portage.py to: |
69 |
> |
70 |
> if len(myrev) and myrev[0] in ["r","s"]: |
71 |
> |
72 |
> Everything works quite well actually. The s is sorted after the r, |
73 |
> so -s7 would install after -r6 or instead of -r7. It is actually a |
74 |
> much simpler solution than glsa, could be introduced immediately to |
75 |
> the portage tree, and use of it could be optional. People could use |
76 |
> them in their own overlays, backport their own security fixes. |
77 |
|
78 |
Ok, so you just want to have another letter that does exactly the same |
79 |
as -rX, just with a semantic difference. |
80 |
Still has issues as this allows for multiple equal versions to exist |
81 |
(as -rX == -sX). And no, it could not be used immideately in the tree |
82 |
as unaware portage versions would fail with interesting errors (see |
83 |
glep 45 for background info), same reason the versioning extensions in |
84 |
2.1 can't be used yet (even if 2.1 would be stable). And I'm quite sure |
85 |
that if this would be used in the tree we'd hit versioning screwups |
86 |
sooner or later (-sX -> -rX+1 -> -rX+2 -> -sX+1). |
87 |
|
88 |
> > No chance you get people to agree on something that will bloat the |
89 |
> > tree without any real benefit. Mind that we already revbump |
90 |
> > packages for security updates. |
91 |
> |
92 |
> Packages are not only revbumped for security updates. I have not |
93 |
> researched it much, but I would be willing to be the vast majority of |
94 |
> revbumps are _rarely_ for security updates. Most of the time glsas |
95 |
> suggest to bump up to the next version of the package, not |
96 |
> revision... There is also no way to distinguish between a revbump |
97 |
> that alters the package via a revbump that is only because a glibc |
98 |
> has just been marked stable for another architecture, for example. |
99 |
|
100 |
I didn't claim that all/the majority of revbumps are security related. |
101 |
And there is a way to distinguish the different kind of revbumps: read |
102 |
the changelog. |
103 |
|
104 |
> > No, this includes way too many changes to core functions (version |
105 |
> > comparison, resolver) with no visible benefit (from my POV). In |
106 |
> > case you haven't done so already take a good look at glep 14 and |
107 |
> > glsa-check (which implements the least-invasive update algorithm |
108 |
> > you seem to be after). |
109 |
> |
110 |
> I am happy to see that you state that the "no visible benefit" is |
111 |
> limited to your POV. Glep 14 (glsa-check) is a fine idea, a fine |
112 |
> proposal. The only problem is that it appears as though it is never |
113 |
> going to happen, at least not the final goal - to get integrated into |
114 |
> portage. |
115 |
|
116 |
Well, it "only" needs a way to feed a set of nodes into the dep |
117 |
resolver. But that in turn is quite a task as the dep resolver code is |
118 |
nasty. |
119 |
|
120 |
> I like my idea better. It is a very simple change that could be |
121 |
> introduced immediately with little or no ill effect. |
122 |
|
123 |
What functionality does it actually add? The changes you described so |
124 |
far just allow multiple letters as revision prefixes. The main thing of |
125 |
your proposal was probably to limit updates to -s updates, and that's a |
126 |
tricky goal. |
127 |
|
128 |
> Functionally, |
129 |
> that one line patch I posted above would work as far as I can tell. |
130 |
> It instantly creates a framework for backporting security fixes |
131 |
> (without affecting current usage), glsa does not. |
132 |
|
133 |
Wow, allowing multiple letters for revision prefixes counts as creating |
134 |
a framework theses days ;) |
135 |
Sorry, but that change doesn't really do anything. |
136 |
|
137 |
> GLSA updates would |
138 |
> then become a fairly simple matter - emerge -Du world, filter out all |
139 |
> non -sX packages. Extend the idea further and people who desire |
140 |
> could filter syncs to just retrieve *-sX.ebuild and your load on the |
141 |
> mirrors has just lightened, not grown.. |
142 |
|
143 |
Again, you haven't touched the resolver yet, so you're not filtering |
144 |
anything out so far. And that is the crucial part here as far as I |
145 |
understand your proposal. |
146 |
|
147 |
Marius |
148 |
|
149 |
-- |
150 |
Public Key at http://www.genone.de/info/gpg-key.pub |
151 |
|
152 |
In the beginning, there was nothing. And God said, 'Let there be |
153 |
Light.' And there was still nothing, but you could see a bit better. |