| 1 |
On Saturday 21 January 2006 22:39, Marius Mauch wrote: |
| 2 |
|
| 3 |
> Check the archives for gentoo-dev and gentoo-server, several |
| 4 |
> implementation plans have been presented in the not-so-distant past. |
| 5 |
> However everyone seems to have a slightly different goal he wants to |
| 6 |
> achieve, so maybe the best would be for people to make their goals very |
| 7 |
> clear. |
| 8 |
|
| 9 |
I have checked the archives of gentoo-dev, gentoo-server, and have |
| 10 |
researched everything I can find about glep 19. I have come to the |
| 11 |
conclusion that those "projects" are the /dev/null of gentoo projects. |
| 12 |
Post a request somewhere - "hey, check out glep 19, wink wink". |
| 13 |
|
| 14 |
Let me make my goal clear. I would like to see some simple features added |
| 15 |
that does not require disruption of current usage, future plans, or require |
| 16 |
massive changes. I am not interested in reviving dead projects or loft |
| 17 |
goals. |
| 18 |
|
| 19 |
> No point, would rather add a RSYNC_OPTS var finally instead, which gives |
| 20 |
> the same functionality (and much more). |
| 21 |
|
| 22 |
If that would work, great. Not sure how rsync handles ordering/precedence |
| 23 |
of conflicting options, now or in the future. Also not sure how the |
| 24 |
environment may or may not be manipulated in the future by emerge itself. |
| 25 |
Right now the options are hard-coded into emerge, the simplest place to |
| 26 |
change it in my mind is right there where it happens... |
| 27 |
|
| 28 |
> > 2) Implement a new revision numbering scheme for ebuilds, -sX. Similar |
| 29 |
> > to -rX, but for glsa updates only. It could be an abbreviation for |
| 30 |
> > sticky, security, or stable, whatever you want. |
| 31 |
> > |
| 32 |
> > For example if I am currently running mysql-4.0.25, the only candidate |
| 33 |
> > an emerge -u would consider would be mysql-4.0.25-s1, mysql-4.0.25-s2, |
| 34 |
> > etc.... In other words, emerge considers only -sX in its upgrade |
| 35 |
> > calculations, instead of -rX, and only considers the same version. |
| 36 |
> |
| 37 |
> No way. No visible benefit (you know about glep 14 / glsacheck, right?) |
| 38 |
> and tons of issues (redundant ebuilds, ordering screwups, ...) |
| 39 |
|
| 40 |
Yes, I am aware of glsacheck. How long has it been in testing? Every time |
| 41 |
I try it I get inconsistent results. Something about "WARNING: This tool |
| 42 |
is completely new and not very tested, so it should not be |
| 43 |
used on production systems. " kind of makes me hesitate to use it. |
| 44 |
|
| 45 |
As far as redundant ebuilds and ordering screwups. If you change line 3173 |
| 46 |
of portage.py to: |
| 47 |
|
| 48 |
if len(myrev) and myrev[0] in ["r","s"]: |
| 49 |
|
| 50 |
Everything works quite well actually. The s is sorted after the r, so -s7 |
| 51 |
would install after -r6 or instead of -r7. It is actually a much simpler |
| 52 |
solution than glsa, could be introduced immediately to the portage tree, |
| 53 |
and use of it could be optional. People could use them in their own |
| 54 |
overlays, backport their own security fixes. |
| 55 |
|
| 56 |
> No chance you get people to agree on something that will bloat the tree |
| 57 |
> without any real benefit. Mind that we already revbump packages for |
| 58 |
> security updates. |
| 59 |
|
| 60 |
Packages are not only revbumped for security updates. I have not researched |
| 61 |
it much, but I would be willing to be the vast majority of revbumps are |
| 62 |
_rarely_ for security updates. Most of the time glsas suggest to bump up |
| 63 |
to the next version of the package, not revision... There is also no way |
| 64 |
to distinguish between a revbump that alters the package via a revbump that |
| 65 |
is only because a glibc has just been marked stable for another |
| 66 |
architecture, for example. |
| 67 |
|
| 68 |
> No, this includes way too many changes to core functions (version |
| 69 |
> comparison, resolver) with no visible benefit (from my POV). In case you |
| 70 |
> haven't done so already take a good look at glep 14 and glsa-check |
| 71 |
> (which implements the least-invasive update algorithm you seem to be |
| 72 |
> after). |
| 73 |
|
| 74 |
I am happy to see that you state that the "no visible benefit" is limited to |
| 75 |
your POV. Glep 14 (glsa-check) is a fine idea, a fine proposal. The only |
| 76 |
problem is that it appears as though it is never going to happen, at least |
| 77 |
not the final goal - to get integrated into portage. |
| 78 |
|
| 79 |
I like my idea better. It is a very simple change that could be introduced |
| 80 |
immediately with little or no ill effect. Functionally, that one line |
| 81 |
patch I posted above would work as far as I can tell. It instantly creates |
| 82 |
a framework for backporting security fixes (without affecting current |
| 83 |
usage), glsa does not. GLSA updates would then become a fairly simple |
| 84 |
matter - emerge -Du world, filter out all non -sX packages. Extend the |
| 85 |
idea further and people who desire could filter syncs to just retrieve |
| 86 |
*-sX.ebuild and your load on the mirrors has just lightened, not grown.. |
Archives