1 |
On Saturday 21 January 2006 22:39, Marius Mauch wrote: |
2 |
|
3 |
> Check the archives for gentoo-dev and gentoo-server, several |
4 |
> implementation plans have been presented in the not-so-distant past. |
5 |
> However everyone seems to have a slightly different goal he wants to |
6 |
> achieve, so maybe the best would be for people to make their goals very |
7 |
> clear. |
8 |
|
9 |
I have checked the archives of gentoo-dev, gentoo-server, and have |
10 |
researched everything I can find about glep 19. I have come to the |
11 |
conclusion that those "projects" are the /dev/null of gentoo projects. |
12 |
Post a request somewhere - "hey, check out glep 19, wink wink". |
13 |
|
14 |
Let me make my goal clear. I would like to see some simple features added |
15 |
that does not require disruption of current usage, future plans, or require |
16 |
massive changes. I am not interested in reviving dead projects or loft |
17 |
goals. |
18 |
|
19 |
> No point, would rather add a RSYNC_OPTS var finally instead, which gives |
20 |
> the same functionality (and much more). |
21 |
|
22 |
If that would work, great. Not sure how rsync handles ordering/precedence |
23 |
of conflicting options, now or in the future. Also not sure how the |
24 |
environment may or may not be manipulated in the future by emerge itself. |
25 |
Right now the options are hard-coded into emerge, the simplest place to |
26 |
change it in my mind is right there where it happens... |
27 |
|
28 |
> > 2) Implement a new revision numbering scheme for ebuilds, -sX. Similar |
29 |
> > to -rX, but for glsa updates only. It could be an abbreviation for |
30 |
> > sticky, security, or stable, whatever you want. |
31 |
> > |
32 |
> > For example if I am currently running mysql-4.0.25, the only candidate |
33 |
> > an emerge -u would consider would be mysql-4.0.25-s1, mysql-4.0.25-s2, |
34 |
> > etc.... In other words, emerge considers only -sX in its upgrade |
35 |
> > calculations, instead of -rX, and only considers the same version. |
36 |
> |
37 |
> No way. No visible benefit (you know about glep 14 / glsacheck, right?) |
38 |
> and tons of issues (redundant ebuilds, ordering screwups, ...) |
39 |
|
40 |
Yes, I am aware of glsacheck. How long has it been in testing? Every time |
41 |
I try it I get inconsistent results. Something about "WARNING: This tool |
42 |
is completely new and not very tested, so it should not be |
43 |
used on production systems. " kind of makes me hesitate to use it. |
44 |
|
45 |
As far as redundant ebuilds and ordering screwups. If you change line 3173 |
46 |
of portage.py to: |
47 |
|
48 |
if len(myrev) and myrev[0] in ["r","s"]: |
49 |
|
50 |
Everything works quite well actually. The s is sorted after the r, so -s7 |
51 |
would install after -r6 or instead of -r7. It is actually a much simpler |
52 |
solution than glsa, could be introduced immediately to the portage tree, |
53 |
and use of it could be optional. People could use them in their own |
54 |
overlays, backport their own security fixes. |
55 |
|
56 |
> No chance you get people to agree on something that will bloat the tree |
57 |
> without any real benefit. Mind that we already revbump packages for |
58 |
> security updates. |
59 |
|
60 |
Packages are not only revbumped for security updates. I have not researched |
61 |
it much, but I would be willing to be the vast majority of revbumps are |
62 |
_rarely_ for security updates. Most of the time glsas suggest to bump up |
63 |
to the next version of the package, not revision... There is also no way |
64 |
to distinguish between a revbump that alters the package via a revbump that |
65 |
is only because a glibc has just been marked stable for another |
66 |
architecture, for example. |
67 |
|
68 |
> No, this includes way too many changes to core functions (version |
69 |
> comparison, resolver) with no visible benefit (from my POV). In case you |
70 |
> haven't done so already take a good look at glep 14 and glsa-check |
71 |
> (which implements the least-invasive update algorithm you seem to be |
72 |
> after). |
73 |
|
74 |
I am happy to see that you state that the "no visible benefit" is limited to |
75 |
your POV. Glep 14 (glsa-check) is a fine idea, a fine proposal. The only |
76 |
problem is that it appears as though it is never going to happen, at least |
77 |
not the final goal - to get integrated into portage. |
78 |
|
79 |
I like my idea better. It is a very simple change that could be introduced |
80 |
immediately with little or no ill effect. Functionally, that one line |
81 |
patch I posted above would work as far as I can tell. It instantly creates |
82 |
a framework for backporting security fixes (without affecting current |
83 |
usage), glsa does not. GLSA updates would then become a fairly simple |
84 |
matter - emerge -Du world, filter out all non -sX packages. Extend the |
85 |
idea further and people who desire could filter syncs to just retrieve |
86 |
*-sX.ebuild and your load on the mirrors has just lightened, not grown.. |