| 1 |
On Sun, 22 Jan 2006 13:02:37 -0600 |
| 2 |
Mikey <mikey@×××××××××××.com> wrote: |
| 3 |
|
| 4 |
> On Sunday 22 January 2006 13:02, Marius Mauch wrote: |
| 5 |
> |
| 6 |
> > Well, posting YAIP (yet another implementation plan) won't really |
| 7 |
> > help either. |
| 8 |
> |
| 9 |
> Correct, plans never seem to go anywhere in regards to this... |
| 10 |
> |
| 11 |
> > Don't see the goal here, just the constraints. Are you after a |
| 12 |
> > non-moving tree, a tree with just security fixes, visibility |
| 13 |
> > filters in portage, a new `emerge moo` graphics, ... ? |
| 14 |
> |
| 15 |
> The existing tree with additional functionality. Implemented via a |
| 16 |
> new revision type. |
| 17 |
> |
| 18 |
> > > > No point, would rather add a RSYNC_OPTS var finally instead, |
| 19 |
> > > > which gives the same functionality (and much more). |
| 20 |
> |
| 21 |
> > Yeah, RSYNC_OPTIONS would remove all that hardcoded stuff and put |
| 22 |
> > it in make.globals instead. |
| 23 |
> |
| 24 |
> From make.globals: |
| 25 |
> |
| 26 |
> # ***************************** |
| 27 |
> # ** DO NOT EDIT THIS FILE ** |
| 28 |
> # *************************************************** |
| 29 |
> # **** CHANGES TO make.conf *OVERRIDE* THIS FILE **** |
| 30 |
> # *************************************************** |
| 31 |
> # ** Incremental Variables Accumulate Across Files ** |
| 32 |
> # ** USE, CONFIG_*, and FEATURES are incremental ** |
| 33 |
> # *************************************************** |
| 34 |
|
| 35 |
Your point being? |
| 36 |
|
| 37 |
> > I removed the warning in gentoolkit-2.1 (wanted to do that for quite |
| 38 |
> > some, just didn't get around to do it). What kind of inconsistent |
| 39 |
> > results are you speaking of? |
| 40 |
> |
| 41 |
> http://www.gentoo.org/proj/en/portage/glsa-integration.xml, section |
| 42 |
> on known problems. |
| 43 |
|
| 44 |
Which except for the SLOT issues are all fixed as far as I'm concernced. |
| 45 |
|
| 46 |
> The plan is nice. It does not, however, address the needs of some |
| 47 |
> users to have a STABLE system as well. Some users can't willy nilly |
| 48 |
> upgrade to the next version of a package because they might have |
| 49 |
> requirements to stay at the same version. Through something as |
| 50 |
> simple as adding a new revision specifier, a framework can be in |
| 51 |
> place to backport security fixes or ONLY apply revisions that are |
| 52 |
> security related... |
| 53 |
|
| 54 |
I get see your point here. |
| 55 |
`glsa-check -p affected` will shouw you exactly the *minimal* updates |
| 56 |
necessary to fix all known vulnerabilities. Not that hard to isolate |
| 57 |
the version bumps from the revbumps, is it? |
| 58 |
Also your idea has another major problem that renders it more or less |
| 59 |
useless: |
| 60 |
- you have foo-1.0 installed |
| 61 |
- foo-1.0-r1 with major changes is added to the tree |
| 62 |
- a security update based on -r1 is added to the tree as foo-1.0-s2 |
| 63 |
Now what? |
| 64 |
a) install -s2 including the changes from -r1 |
| 65 |
b) add another ebuild -s1 that is foo-1.0 with the security update but |
| 66 |
without the -r1 updates |
| 67 |
|
| 68 |
With a) there is no point at all in using the -sX system, with b) you |
| 69 |
get into the equality issues (here -r1 and -s1 are not |
| 70 |
functionally equal). |
| 71 |
|
| 72 |
> > Well, it "only" needs a way to feed a set of nodes into the dep |
| 73 |
> > resolver. But that in turn is quite a task as the dep resolver code |
| 74 |
> > is nasty. |
| 75 |
> |
| 76 |
> I have looked at the dep resolver and don't want to go near it with a |
| 77 |
> 10 foot pole. I only want to do the functional equivalent of |
| 78 |
> filtering out anything but "*-sX$" (pseudo regex) during the final |
| 79 |
> doemerge or when displaying in case of --pretend. |
| 80 |
|
| 81 |
That's not really what you want. |
| 82 |
-s updates might (will) be overlaid with version or revision bumps from |
| 83 |
time to time, for this to be of any use it has to happen at the |
| 84 |
resolver level (visiblity filter). |
| 85 |
|
| 86 |
> > What functionality does it actually add? The changes you described |
| 87 |
> > so far just allow multiple letters as revision prefixes. The main |
| 88 |
> > thing of your proposal was probably to limit updates to -s updates, |
| 89 |
> > and that's a tricky goal. |
| 90 |
> |
| 91 |
> It enables ebuild maintainers to backport security patches. It |
| 92 |
> allows them to fix security problems that are not glsa alerts. It |
| 93 |
> does not require the use of a new tool or integration of glsa into |
| 94 |
> portage. It allows users to distinguish between revbumps of a |
| 95 |
> trivial nature and revbumps of a security nature. |
| 96 |
|
| 97 |
Everything but the last one is already possible. For the last one you |
| 98 |
currently have to read the changelog. |
| 99 |
|
| 100 |
Marius |
| 101 |
|
| 102 |
-- |
| 103 |
Public Key at http://www.genone.de/info/gpg-key.pub |
| 104 |
|
| 105 |
In the beginning, there was nothing. And God said, 'Let there be |
| 106 |
Light.' And there was still nothing, but you could see a bit better. |
Archives