Please follow the KISS principle

Wed Dec 31 14:01:42 UTC 2003

On Wed, 2003-12-31 at 06:59, Johnny Strom wrote:
> Warren Togami wrote:
> > I am trying to remember... I believe this means we would need to 
> > maintain two separate sets of package management tools, as apt compiled 
> > for rpm-4.1 and rpm-4.1.1 are different.  I could be wrong though.
> > 
> > I dislike the idea of splitting bugfix and security updates because it 
> > would further add complexity to the client configuration, as well as add 
> > more unnecessary work to the project.  If the concern is that we will go 
> > wild with arbitrary bugfix packages, this is totally not the case. 
> > Bugfixes will be very rare in Legacy, and only in cases where there is 
> > no credible opposition.
> > 
> > (Actually, non-critical bugfixes will probably go into the "stable" 
> > channel of fedora.us, which is not by default part of Legacy's default 
> > channels.)
> > 
> > Regarding RPM specifically, it is a losing proposition to even suggest 
> > using RH8 without an RPM upgrade.  And don't worry about the stability 
> > of that RPM upgrade, as it is very well understood and tested for a very 
> > great amount of time and analysis involved.  We at fedora.us have been 
> > arguing about this all year now.  This is nothing new, like people here 
> > seem to think it is.
> > 
> > Warren
> 
> Hi
> 
> I was thinking that the bugfixes that are rear should be separated
> so that it would be opptional for users to go and download them
> manually from ftp or http. If it is done like that then the bugfixes 
> will not make any extra trouble for the primary security fixes and no
> changes would be needed to any client or am I wrong about that?.
> 
> In this way we would follow the KISS method and still make ppl
> happy that want to fix some bugs.
> 

I think what Warren is trying to say is that the RPM upgrade is a
special bug fix that makes sense moving forward.  It makes sense to
perform this fix because it affects the system by which we upgrade our
servers.  Plus it is a special case and it is well understood.

If it takes upgrading rpm for RedHat 8.0 and RedHat 9 to keep interest
in the project I am for it.  I think we are intelligent enough to manage
this.  I personally plan on moving all my machines over to 8.0 and 9. 
So I rather have the rpm stability.

BTW: What is progeny doing?  I think if people are interested in a pure
play security fix for there servers they might want to consider them.  I
think Fedora Legacy intended to be a little more than that.

Help blurb:  While I think I will have time to do patching and packages,
I am not certain I have the proper knowledge of C (in most cases) to
perform the proper backported security patch.  I have a great
understanding of rpm packaging.  So if there are not enough people to
make this happen I am certainly willing to try.  But I can only hope
that our QA people are equally as diligent.  My offer also extends to
QAing packages.  I work for a software shop that has a very decent build
and QA process.  It wouldn't be difficult for me to test new packages
and give them a thorough testing.

--
Christian Pearce
http://www.commnav.com