| 1 |
On Sun, 22 Jan 2006 10:25:37 -0600 |
| 2 |
Mikey <mikey@×××××××××××.com> wrote: |
| 3 |
|
| 4 |
> On Saturday 21 January 2006 22:39, Marius Mauch wrote: |
| 5 |
> |
| 6 |
> > Check the archives for gentoo-dev and gentoo-server, several |
| 7 |
> > implementation plans have been presented in the not-so-distant past. |
| 8 |
> > However everyone seems to have a slightly different goal he wants to |
| 9 |
> > achieve, so maybe the best would be for people to make their goals |
| 10 |
> > very clear. |
| 11 |
> |
| 12 |
> I have checked the archives of gentoo-dev, gentoo-server, and have |
| 13 |
> researched everything I can find about glep 19. I have come to the |
| 14 |
> conclusion that those "projects" are the /dev/null of gentoo |
| 15 |
> projects. Post a request somewhere - "hey, check out glep 19, wink |
| 16 |
> wink". |
| 17 |
|
| 18 |
Well, posting YAIP (yet another implementation plan) won't really help |
| 19 |
either. |
| 20 |
|
| 21 |
> Let me make my goal clear. I would like to see some simple features |
| 22 |
> added that does not require disruption of current usage, future |
| 23 |
> plans, or require massive changes. I am not interested in reviving |
| 24 |
> dead projects or loft goals. |
| 25 |
|
| 26 |
Don't see the goal here, just the constraints. Are you after a |
| 27 |
non-moving tree, a tree with just security fixes, visibility filters in |
| 28 |
portage, a new `emerge moo` graphics, ... ? |
| 29 |
|
| 30 |
> > No point, would rather add a RSYNC_OPTS var finally instead, which |
| 31 |
> > gives the same functionality (and much more). |
| 32 |
> |
| 33 |
> If that would work, great. Not sure how rsync handles |
| 34 |
> ordering/precedence of conflicting options, now or in the future. |
| 35 |
> Also not sure how the environment may or may not be manipulated in |
| 36 |
> the future by emerge itself. Right now the options are hard-coded |
| 37 |
> into emerge, the simplest place to change it in my mind is right |
| 38 |
> there where it happens... |
| 39 |
|
| 40 |
Yeah, RSYNC_OPTIONS would remove all that hardcoded stuff and put it in |
| 41 |
make.globals instead. |
| 42 |
|
| 43 |
> > > 2) Implement a new revision numbering scheme for ebuilds, -sX. |
| 44 |
> > > Similar to -rX, but for glsa updates only. It could be an |
| 45 |
> > > abbreviation for sticky, security, or stable, whatever you want. |
| 46 |
> > > |
| 47 |
> > > For example if I am currently running mysql-4.0.25, the only |
| 48 |
> > > candidate an emerge -u would consider would be mysql-4.0.25-s1, |
| 49 |
> > > mysql-4.0.25-s2, etc.... In other words, emerge considers only |
| 50 |
> > > -sX in its upgrade calculations, instead of -rX, and only |
| 51 |
> > > considers the same version. |
| 52 |
> > |
| 53 |
> > No way. No visible benefit (you know about glep 14 / glsacheck, |
| 54 |
> > right?) and tons of issues (redundant ebuilds, ordering |
| 55 |
> > screwups, ...) |
| 56 |
> |
| 57 |
> Yes, I am aware of glsacheck. How long has it been in testing? |
| 58 |
> Every time I try it I get inconsistent results. Something about |
| 59 |
> "WARNING: This tool is completely new and not very tested, so it |
| 60 |
> should not be used on production systems. " kind of makes me hesitate |
| 61 |
> to use it. |
| 62 |
|
| 63 |
I removed the warning in gentoolkit-2.1 (wanted to do that for quite |
| 64 |
some, just didn't get around to do it). What kind of inconsistent |
| 65 |
results are you speaking of? |
| 66 |
|
| 67 |
> As far as redundant ebuilds and ordering screwups. If you change |
| 68 |
> line 3173 of portage.py to: |
| 69 |
> |
| 70 |
> if len(myrev) and myrev[0] in ["r","s"]: |
| 71 |
> |
| 72 |
> Everything works quite well actually. The s is sorted after the r, |
| 73 |
> so -s7 would install after -r6 or instead of -r7. It is actually a |
| 74 |
> much simpler solution than glsa, could be introduced immediately to |
| 75 |
> the portage tree, and use of it could be optional. People could use |
| 76 |
> them in their own overlays, backport their own security fixes. |
| 77 |
|
| 78 |
Ok, so you just want to have another letter that does exactly the same |
| 79 |
as -rX, just with a semantic difference. |
| 80 |
Still has issues as this allows for multiple equal versions to exist |
| 81 |
(as -rX == -sX). And no, it could not be used immideately in the tree |
| 82 |
as unaware portage versions would fail with interesting errors (see |
| 83 |
glep 45 for background info), same reason the versioning extensions in |
| 84 |
2.1 can't be used yet (even if 2.1 would be stable). And I'm quite sure |
| 85 |
that if this would be used in the tree we'd hit versioning screwups |
| 86 |
sooner or later (-sX -> -rX+1 -> -rX+2 -> -sX+1). |
| 87 |
|
| 88 |
> > No chance you get people to agree on something that will bloat the |
| 89 |
> > tree without any real benefit. Mind that we already revbump |
| 90 |
> > packages for security updates. |
| 91 |
> |
| 92 |
> Packages are not only revbumped for security updates. I have not |
| 93 |
> researched it much, but I would be willing to be the vast majority of |
| 94 |
> revbumps are _rarely_ for security updates. Most of the time glsas |
| 95 |
> suggest to bump up to the next version of the package, not |
| 96 |
> revision... There is also no way to distinguish between a revbump |
| 97 |
> that alters the package via a revbump that is only because a glibc |
| 98 |
> has just been marked stable for another architecture, for example. |
| 99 |
|
| 100 |
I didn't claim that all/the majority of revbumps are security related. |
| 101 |
And there is a way to distinguish the different kind of revbumps: read |
| 102 |
the changelog. |
| 103 |
|
| 104 |
> > No, this includes way too many changes to core functions (version |
| 105 |
> > comparison, resolver) with no visible benefit (from my POV). In |
| 106 |
> > case you haven't done so already take a good look at glep 14 and |
| 107 |
> > glsa-check (which implements the least-invasive update algorithm |
| 108 |
> > you seem to be after). |
| 109 |
> |
| 110 |
> I am happy to see that you state that the "no visible benefit" is |
| 111 |
> limited to your POV. Glep 14 (glsa-check) is a fine idea, a fine |
| 112 |
> proposal. The only problem is that it appears as though it is never |
| 113 |
> going to happen, at least not the final goal - to get integrated into |
| 114 |
> portage. |
| 115 |
|
| 116 |
Well, it "only" needs a way to feed a set of nodes into the dep |
| 117 |
resolver. But that in turn is quite a task as the dep resolver code is |
| 118 |
nasty. |
| 119 |
|
| 120 |
> I like my idea better. It is a very simple change that could be |
| 121 |
> introduced immediately with little or no ill effect. |
| 122 |
|
| 123 |
What functionality does it actually add? The changes you described so |
| 124 |
far just allow multiple letters as revision prefixes. The main thing of |
| 125 |
your proposal was probably to limit updates to -s updates, and that's a |
| 126 |
tricky goal. |
| 127 |
|
| 128 |
> Functionally, |
| 129 |
> that one line patch I posted above would work as far as I can tell. |
| 130 |
> It instantly creates a framework for backporting security fixes |
| 131 |
> (without affecting current usage), glsa does not. |
| 132 |
|
| 133 |
Wow, allowing multiple letters for revision prefixes counts as creating |
| 134 |
a framework theses days ;) |
| 135 |
Sorry, but that change doesn't really do anything. |
| 136 |
|
| 137 |
> GLSA updates would |
| 138 |
> then become a fairly simple matter - emerge -Du world, filter out all |
| 139 |
> non -sX packages. Extend the idea further and people who desire |
| 140 |
> could filter syncs to just retrieve *-sX.ebuild and your load on the |
| 141 |
> mirrors has just lightened, not grown.. |
| 142 |
|
| 143 |
Again, you haven't touched the resolver yet, so you're not filtering |
| 144 |
anything out so far. And that is the crucial part here as far as I |
| 145 |
understand your proposal. |
| 146 |
|
| 147 |
Marius |
| 148 |
|
| 149 |
-- |
| 150 |
Public Key at http://www.genone.de/info/gpg-key.pub |
| 151 |
|
| 152 |
In the beginning, there was nothing. And God said, 'Let there be |
| 153 |
Light.' And there was still nothing, but you could see a bit better. |
Archives