Gentoo Archives: gentoo-releng

From: John Davis <zhen@g.o>
To: gentoo-releng@l.g.o
Subject: Re: [gentoo-releng] So when is it really safe to take a snapshot to use for release?
Date: Mon, 12 Jan 2004 16:12:46
In Reply to: Re: [gentoo-releng] So when is it really safe to take a snapshot to use for release? by Jason Wever
Hash: SHA1

Jason Wever wrote:
| Last minute changes like this though seem to be more due to a lack of
| proper planning than some ultra crucial bug or security fix.

The openssl fix was both. The current version of openssl has TEXTREL
(static text relocations, compile w/ -fPIC to fix) in it, completely
negating the affects of hardening measures such as PaX (Address Space
Layout Randomisation). Even when not taking hardened into account,
TEXTREL is just not a good thing to have in .so's (see Debian's
development policy - they specifically disallow TEXTREL in shared

Baselayout changes are essential if we want to have working LiveCDs.

|>I would say that by the end of this week (the 16th), you will be safe to
|>make a final snapshot. The purpose of this testing week was to identify
|>things like the openssl problem ;)
| Then I will not be able to have anything ready to release at LWE, which
| was the purpose of the original release date.

The purpose of the original release date was to meet LWE, but as it has
been mentioned before, it is not crucial to release on that date (the
22nd). Gentoo is fluid, and so are our releases. Release when you can,
just try to be as close to the 22nd as you can be. Dates are not as
important as QA.

| Not all architectures can build the components for a release in the time
| that x86 and faster PPCs can.  I know this point comes back up every
| release cycle, but the behavior does not change.  Even on a fast sparc64
| box, it'll still take close to a week to build everything (stages, GRP
| and LiveCD), granted there are no problems.
| Perhaps I'm unfair in this assessment, but because of repetitive problems
| like this, I really feel like non-x86 arches are like 2nd class citizens.

Your assesment is unfair. Our goal, as well as yours, is to provide
excellent QA. If openssl and baselayout need bumped to fix security bugs
and CDBOOT problems, fine; we cannot release something that is broken.
The issue at hand has absolutely nothing to do with being a non-x86
arch. I am sorry that it takes so long to build, but as I have said,
release when you can. No one has got you in a chokehold to release on
the 22nd. If you release on the 29th, I do not care. What I do care
about is QA. Make sure your release is tested, which I am sure you will do.

Also, if you are really concerned about time, chroot into your stages
and unpack binary copies built elsewhere of openssl and baselayout. That
will definitely save you some time.

|>I know this may be frustrating, but hang in there. As far as I know,
|>openssl and baselayout are the only system packages that are going to be
|>bumped, and they should both be bumped by Friday (brad willing :) ).

If you have any further questions, please don't hesitate to contact me
off list.


- --
John Davis
Gentoo Linux Developer

- ----
Knowledge can be more terrible than ignorance if you're powerless to
change your world.
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


gentoo-releng@g.o mailing list