1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
Jason Wever wrote: |
5 |
| |
6 |
| Last minute changes like this though seem to be more due to a lack of |
7 |
| proper planning than some ultra crucial bug or security fix. |
8 |
| |
9 |
|
10 |
The openssl fix was both. The current version of openssl has TEXTREL |
11 |
(static text relocations, compile w/ -fPIC to fix) in it, completely |
12 |
negating the affects of hardening measures such as PaX (Address Space |
13 |
Layout Randomisation). Even when not taking hardened into account, |
14 |
TEXTREL is just not a good thing to have in .so's (see Debian's |
15 |
development policy - they specifically disallow TEXTREL in shared |
16 |
libraries). |
17 |
|
18 |
Baselayout changes are essential if we want to have working LiveCDs. |
19 |
|
20 |
| |
21 |
|>I would say that by the end of this week (the 16th), you will be safe to |
22 |
|>make a final snapshot. The purpose of this testing week was to identify |
23 |
|>things like the openssl problem ;) |
24 |
| |
25 |
| |
26 |
| Then I will not be able to have anything ready to release at LWE, which |
27 |
| was the purpose of the original release date. |
28 |
| |
29 |
|
30 |
The purpose of the original release date was to meet LWE, but as it has |
31 |
been mentioned before, it is not crucial to release on that date (the |
32 |
22nd). Gentoo is fluid, and so are our releases. Release when you can, |
33 |
just try to be as close to the 22nd as you can be. Dates are not as |
34 |
important as QA. |
35 |
|
36 |
| Not all architectures can build the components for a release in the time |
37 |
| that x86 and faster PPCs can. I know this point comes back up every |
38 |
| release cycle, but the behavior does not change. Even on a fast sparc64 |
39 |
| box, it'll still take close to a week to build everything (stages, GRP |
40 |
| and LiveCD), granted there are no problems. |
41 |
| |
42 |
| Perhaps I'm unfair in this assessment, but because of repetitive problems |
43 |
| like this, I really feel like non-x86 arches are like 2nd class citizens. |
44 |
| |
45 |
|
46 |
Your assesment is unfair. Our goal, as well as yours, is to provide |
47 |
excellent QA. If openssl and baselayout need bumped to fix security bugs |
48 |
and CDBOOT problems, fine; we cannot release something that is broken. |
49 |
The issue at hand has absolutely nothing to do with being a non-x86 |
50 |
arch. I am sorry that it takes so long to build, but as I have said, |
51 |
release when you can. No one has got you in a chokehold to release on |
52 |
the 22nd. If you release on the 29th, I do not care. What I do care |
53 |
about is QA. Make sure your release is tested, which I am sure you will do. |
54 |
|
55 |
Also, if you are really concerned about time, chroot into your stages |
56 |
and unpack binary copies built elsewhere of openssl and baselayout. That |
57 |
will definitely save you some time. |
58 |
|
59 |
| |
60 |
|>I know this may be frustrating, but hang in there. As far as I know, |
61 |
|>openssl and baselayout are the only system packages that are going to be |
62 |
|>bumped, and they should both be bumped by Friday (brad willing :) ). |
63 |
| |
64 |
|
65 |
If you have any further questions, please don't hesitate to contact me |
66 |
off list. |
67 |
|
68 |
Cheers, |
69 |
//zhen |
70 |
|
71 |
- -- |
72 |
John Davis |
73 |
Gentoo Linux Developer |
74 |
<http://dev.gentoo.org/~zhen> |
75 |
|
76 |
- ---- |
77 |
Knowledge can be more terrible than ignorance if you're powerless to |
78 |
change your world. |
79 |
-----BEGIN PGP SIGNATURE----- |
80 |
Version: GnuPG v1.2.3 (GNU/Linux) |
81 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
82 |
|
83 |
iD8DBQFAAsRHZlASNRlGLUcRAiCfAJ941qzVJ9p1PrhNJgZJi2Pbj8mkRQCdGdwW |
84 |
CbnQz23rPdJs16sSUVJA6Mk= |
85 |
=snZt |
86 |
-----END PGP SIGNATURE----- |
87 |
|
88 |
|
89 |
-- |
90 |
gentoo-releng@g.o mailing list |