Why does it take so long for new (gimp, kernels, openoffice) packages to reach the stable repo ?

Rick Stevens ricks at nerd.com
Fri Oct 17 21:31:45 UTC 2008 

Linuxguy123 wrote:
> I'm waiting for gimp2.6, kernel 2.6.27 and open-office 3.0.  If I am not
> mistaken, there are a couple evolution releases that haven't been
> accepted either.
> 
> All of these packages have been released for general distribution
> outside of the Fedora community.   Why does it take so long for them to
> be accepted into the Fedora stable repo ?   
> 
> Are they unstable and do they need bugfixes or what ?

There are a lot of things involved in bringing new packages or versions
of existing packages into any distribution.  For example, are the
current libraries good enough or must another RPM be generated to update
the required libraries?  How would that affect other packages?  Would
installing the package conflict with installed packages?  Is the new
version compatible with the old version?  Are there patent or copyright
issues involved?  Those are a very tiny sample of the issues involved.
All must be addressed before a new version is "accepted into the fold."

If you really need the newer versions of what you've mentioned above,
then download and build away.  The system will be more difficult to
maintain and update, but that's the way it is.  It's like any other
group effort...the slowest "person" (entity, alien, whatever) sets the
pace.  You're not obligated to go along with that, but you will be
somewhat on your own.

F8 shipped with OpenSSL 0.9.8b (well, it has most of the patches up to
0.9.8d, I think).  OpenSSL 0.9.8g is distributed with F9, which I was a
bit surprised at since 0.9.8h had been around for quite a while before
F9 stabilized.  The stable stuff from OpenSSL itself is currently
0.9.8i.  However, there's been no update to these later versions in
Fedora (or RHEL or CentOS).  I know...we run PCI-compliant systems based
on CentOS and Fedora and you really need to run 0.9.8h or 0.9.8i because
of security issues.  I've done end runs and built 0.9.8i from source
(and created my own RPMs with scripts that set up symlinks to keep pre-
built stuff happy).  You do what you have to do.

It's not really all that scary out here beyond the bleeding edge.  Just
carry lots of iodine and bandages and know for a fact you're gonna get
nicked every once in a while.

"The weaklings died on the way, and the cowards never started."
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks at nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-     Have you noticed that "human readable" configuration file      -
-          directives are beginning to resemble COBOL code?          -
----------------------------------------------------------------------

More information about the fedora-list mailing list