1 |
For some reason I keep having this vision in my head... |
2 |
|
3 |
1. Quarterly updates of the tree. Gentoo Server would maintain 2 |
4 |
different server tree, one for the current quarter and one for the |
5 |
previous quarter. That does not seem to excessive to a maintain. One |
6 |
could specify with tree they want to use (current or delayed) |
7 |
|
8 |
2. When using emerge, one would have the option to specify a filter |
9 |
that would upgrade only the packages on my system that are security |
10 |
related. Something like "emerge -u world --security-only-updates". From |
11 |
an administrator point of view, this would be executed "often" to |
12 |
insure that public exposed servers are patched against vulnerabilities |
13 |
immediately. |
14 |
|
15 |
3. Finally, the ability to archive on the local machine (or rsync local |
16 |
server) the ebuilds. So that every-time any package is updated the |
17 |
previous ebuild is archived (tar gzip) somewhere on the local system, |
18 |
to allow even to revert to the previous ebuild if the upgrade happens |
19 |
to break things. |
20 |
The opportunity to archive the complete tree and ebuilds on the local |
21 |
machine prior to the quarterly updates would be nice too... |
22 |
|
23 |
Hope this rather simplistic approach helps the discusssion. |
24 |
|
25 |
|
26 |
Regards, |
27 |
|
28 |
Sébastien |
29 |
|
30 |
|
31 |
On Feb 12, 2004, at 04:21, Eric Sammer wrote: |
32 |
|
33 |
> The problem with this approach is that you don't benefit from security |
34 |
> updates and if you try and update only portions of the "frozen" |
35 |
> internal tree, well, you're going to be fighting to say the least. |
36 |
> |
37 |
> This is what a number of users who need a frozen tree do now and it's |
38 |
> proving to be way too much overhead. In theory, the admin maintaining |
39 |
> the internal tree is doing the work the Gentoo security team and the |
40 |
> arch maintainers are doing anyway, by themselves. |
41 |
> |
42 |
> Most of the users doing this are doing so because we don't have a |
43 |
> frozen tree and, in most cases, 190+ pairs of eyes are better than 1. |
44 |
> :) |