Re: Plan for Today's (20070625) Release Engineering meeting

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jun 25, 2007 at 01:42:45PM -0400, Jeremy Katz wrote:
> On Mon, 2007-06-25 at 19:15 +0200, Axel Thimm wrote:
> > On Mon, Jun 25, 2007 at 12:52:02PM -0400, Jesse Keating wrote:
> > > > 2.) There was request for a seperate security_updates repository for F-7.
> > > 
> > > This can be accomplished by the yum-security plugin, once bodhi is capable of 
> > > generating the extra update metadata.  I'm sure Luke would love a hand in 
> > > getting some of this accomplished.
> > 
> > If instead the repo is split you get it for free for smart and apt and
> > any other depsolver as well w/o imposing to the devloper of the said
> > tools to also write a plugin.
> > 
> > Keep updates-released as is and just add another repo
> > "security-updates" based on the bodhi metadata. "security-updates"'s
> > contents should be hardlinked against updates-released.
> 
> And what if a security update depends on a non-security update?  Do we
> only build security updates against a buildroot containing only security
> updates?
> 
> This gets complicated pretty quickly....

Actually you have a very good point there. If there will be a concept
offering only security updates, then the security updates *must* be
built on release + security-updates only, and koji needs to know in
*advance* that this is a security build, and not only at bodhi time.

The reason is that if you build a security update against F7 &
updates-released in 12 months and this requires a library that has
been updated since F7's release (but not due to security), you will
end up with a broken security update on a system following only
security updates. So you're left with the following options:

o forget about a security updates only mechanism, whether this is a
  yum-plugin or a separate repo
o Elevate all dependencies of a security update to become part of the
  virtual or real security-update repo
o Build security updates only against F7 & security updates, not all
  the updates (and only elevate non-security updates to security
  status to fulfill otherwise missing dependencies.

At first the yum-plugin sounds like the easy way out, but it will
generate more issues than it will solve especially the more F7 will be
aging.
-- 
Axel.Thimm at ATrpms.net

Attachment: pgpgrRKtnSKIc.pgp
Description: PGP signature

--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers
--
Fedora-maintainers-readonly mailing list
Fedora-maintainers-readonly@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly

[Index of Archives]     [Fedora Users]     [Fedora Development]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux