Fedora products, to upgrade rather than backport?
Eric Rostetter
rostetter at mail.utexas.edu
Mon May 15 21:16:59 UTC 2006
Quoting Michal Jaegermann <michal at harddata.com>:
> On Mon, May 15, 2006 at 02:29:03PM -0500, Eric Rostetter wrote:
>>
>> Depends on what transparent means. If you want to be transparent in the
>> sense of not breaking people's working machines, then no, you should
>> backport.
>
> When people intimately familiar with a given code, because they
> authored it, do not even attempt to provide security patches for
> older versions as internals were completely re-written and it is
> not even clear how to patch old holes, you expect that a small
> group of volunteers will do a deep analysis and come quickly with
> correct and safe patches for whatever? Such request is not even
> funny.
FL already has a policy, and it applies to RHL as well as FL. If
the code can't reasonable be backported, we upgrade. End of
discussion.
> In case you wonder the above was exactly the case with relatively
> recent updates to sendmail and is normally the case with mozilla
> (try to peek into that code and you will see why).
Yea, and postgresql, etc. But this isn't the issue at hand.
> What is more such "leaf" applications, as opposed to deeply
> intertwined libraries, are not a real problem - packaging hiccups
> notwithstanding.
They can be, like in the case of postgresql which requires you dump
your DB, upgrade, restore the DB, or else you are SOL. And we already
know how many people just set yum to do automatic updates and would be
burned in such a case.
Think about all the problems we would have if we upgraded from PHP 4.x
to PHP 5.x. Man, that would be a nightmare for the users...
> Michal
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
Go Longhorns!
More information about the fedora-legacy-list
mailing list