On Wed, 2003-12-31 at 06:59, Johnny Strom wrote: > Warren Togami wrote: > > I am trying to remember... I believe this means we would need to > > maintain two separate sets of package management tools, as apt compiled > > for rpm-4.1 and rpm-4.1.1 are different. I could be wrong though. > > > > I dislike the idea of splitting bugfix and security updates because it > > would further add complexity to the client configuration, as well as add > > more unnecessary work to the project. If the concern is that we will go > > wild with arbitrary bugfix packages, this is totally not the case. > > Bugfixes will be very rare in Legacy, and only in cases where there is > > no credible opposition. > > > > (Actually, non-critical bugfixes will probably go into the "stable" > > channel of fedora.us, which is not by default part of Legacy's default > > channels.) > > > > Regarding RPM specifically, it is a losing proposition to even suggest > > using RH8 without an RPM upgrade. And don't worry about the stability > > of that RPM upgrade, as it is very well understood and tested for a very > > great amount of time and analysis involved. We at fedora.us have been > > arguing about this all year now. This is nothing new, like people here > > seem to think it is. > > > > Warren > > Hi > > I was thinking that the bugfixes that are rear should be separated > so that it would be opptional for users to go and download them > manually from ftp or http. If it is done like that then the bugfixes > will not make any extra trouble for the primary security fixes and no > changes would be needed to any client or am I wrong about that?. > > In this way we would follow the KISS method and still make ppl > happy that want to fix some bugs. > I think what Warren is trying to say is that the RPM upgrade is a special bug fix that makes sense moving forward. It makes sense to perform this fix because it affects the system by which we upgrade our servers. Plus it is a special case and it is well understood. If it takes upgrading rpm for RedHat 8.0 and RedHat 9 to keep interest in the project I am for it. I think we are intelligent enough to manage this. I personally plan on moving all my machines over to 8.0 and 9. So I rather have the rpm stability. BTW: What is progeny doing? I think if people are interested in a pure play security fix for there servers they might want to consider them. I think Fedora Legacy intended to be a little more than that. Help blurb: While I think I will have time to do patching and packages, I am not certain I have the proper knowledge of C (in most cases) to perform the proper backported security patch. I have a great understanding of rpm packaging. So if there are not enough people to make this happen I am certainly willing to try. But I can only hope that our QA people are equally as diligent. My offer also extends to QAing packages. I work for a software shop that has a very decent build and QA process. It wouldn't be difficult for me to test new packages and give them a thorough testing. -- Christian Pearce http://www.commnav.com
