Plan for Today's (20070625) Release Engineering meeting
Axel Thimm
Axel.Thimm at ATrpms.net
Mon Jun 25 22:40:54 UTC 2007
On Mon, Jun 25, 2007 at 01:42:45PM -0400, Jeremy Katz wrote:
> On Mon, 2007-06-25 at 19:15 +0200, Axel Thimm wrote:
> > On Mon, Jun 25, 2007 at 12:52:02PM -0400, Jesse Keating wrote:
> > > > 2.) There was request for a seperate security_updates repository for F-7.
> > >
> > > This can be accomplished by the yum-security plugin, once bodhi is capable of
> > > generating the extra update metadata. I'm sure Luke would love a hand in
> > > getting some of this accomplished.
> >
> > If instead the repo is split you get it for free for smart and apt and
> > any other depsolver as well w/o imposing to the devloper of the said
> > tools to also write a plugin.
> >
> > Keep updates-released as is and just add another repo
> > "security-updates" based on the bodhi metadata. "security-updates"'s
> > contents should be hardlinked against updates-released.
>
> And what if a security update depends on a non-security update? Do we
> only build security updates against a buildroot containing only security
> updates?
>
> This gets complicated pretty quickly....
Actually you have a very good point there. If there will be a concept
offering only security updates, then the security updates *must* be
built on release + security-updates only, and koji needs to know in
*advance* that this is a security build, and not only at bodhi time.
The reason is that if you build a security update against F7 &
updates-released in 12 months and this requires a library that has
been updated since F7's release (but not due to security), you will
end up with a broken security update on a system following only
security updates. So you're left with the following options:
o forget about a security updates only mechanism, whether this is a
yum-plugin or a separate repo
o Elevate all dependencies of a security update to become part of the
virtual or real security-update repo
o Build security updates only against F7 & security updates, not all
the updates (and only elevate non-security updates to security
status to fulfill otherwise missing dependencies.
At first the yum-plugin sounds like the easy way out, but it will
generate more issues than it will solve especially the more F7 will be
aging.
--
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-maintainers/attachments/20070626/b880840a/attachment.sig>
More information about the Fedora-maintainers
mailing list