Pushing updates for Fedora 7
Ralf Corsepius
rc040203 at freenet.de
Sun Jun 3 14:12:49 UTC 2007
On Sun, 2007-06-03 at 09:46 -0400, Jesse Keating wrote:
> On Sunday 03 June 2007 07:12:48 Ralf Corsepius wrote:
> > > Security updates go straight to Stable already.
> >
> > They shouldn't. They should undergo an automated procedure to assure
> > they fit cleanly into the existing installations and don't break package
> > deps.
>
> This is not always practical. Should a firefox remote exploit fix be held up
> because a fringe package that builds against FF and is used by say 5 people
> hasn't been rebuilt yet? Should every use suffer? I seriously hope not.
IMO, this has to be balanced on a case by case basis.
* Does a broken update get installed at all or will yum refuse to
install it due to broken deps?
* Does postponing a security update for a few hours until things get
"cleaned up" really hurt? In some cases it will, in most it will not.
* Consider mirrors: Do security updates get immediately pushed to
mirrors or will mirrors pull them with a several hours or days delay?
Given the "out-of-syncness" many mirrors are in, delaying pushing
packages by a couple of hours doesn't really make a difference.
* Consider users: Many don't upgrade immediately. Most probably poll at
intervals.
Ralf
More information about the Fedora-maintainers
mailing list