On Mon, Jun 25, 2007 at 01:42:45PM -0400, Jeremy Katz wrote:
> On Mon, 2007-06-25 at 19:15 +0200, Axel Thimm wrote:
> > On Mon, Jun 25, 2007 at 12:52:02PM -0400, Jesse Keating wrote:
> > > > 2.) There was request for a separate security_updates repository for F-7.
> > >
> > > This can be accomplished by the yum-security plugin, once bodhi is capable of
> > > generating the extra update metadata. I'm sure Luke would love a hand in
> > > getting some of this accomplished.
> >
> > If instead the repo is split you get it for free for smart and apt and
> > any other depsolver as well w/o imposing to the developer of the said
> > tools to also write a plugin.
> >
> > Keep updates-released as is and just add another repo
> > "security-updates" based on the bodhi metadata. "security-updates"'s
> > contents should be hardlinked against updates-released.
>
> And what if a security update depends on a non-security update? Do we
> only build security updates against a buildroot containing only security
> updates?
>
> This gets complicated pretty quickly....

Actually you have a very good point there. If there will be a concept
offering only security updates, then the security updates *must* be
built on release + security-updates only, and koji needs to know in
*advance* that this is a security build, and not only at bodhi time.

The reason is that if you build a security update against F7 &
updates-released in 12 months and this requires a library that has
been updated since F7's release (but not due to security), you will
end up with a broken security update on a system following only
security updates.

So you're left with the following options:

o forget about a security updates only mechanism, whether this is a
  yum-plugin or a separate repo

o Elevate all dependencies of a security update to become part of the
  virtual or real security-update repo

o Build security updates only against F7 & security updates, not all
  the updates (and only elevate non-security updates to security
  status to fulfill otherwise missing dependencies).

At first the yum-plugin sounds like the easy way out, but it will
generate more issues than it will solve especially the more F7 will be
aging.
--
Axel.Thimm at ATrpms.net
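
Added example, not part of the original mail and not code from koji, bodhi or yum: a sketch of the "elevate dependencies" option, computing which non-security updates a security-only repo would have to carry so that every security update still installs on release + security-updates. The `Update` model, integer-tuple versions, and the package names `app`, `libfoo` and `libbar` are constructed assumptions.

```python
from collections import namedtuple

# Constructed model: versions are int tuples; requires maps name -> minimum version.
Update = namedtuple("Update", "name version security requires")

def security_only_closure(base, updates):
    """Return (elevated, unsatisfied) for a system following only security updates.

    base:        {name: version} as shipped in the release.
    elevated:    names of non-security updates that must join the security repo.
    unsatisfied: (update, dependency) pairs that no available update can fix.
    """
    selected = [u for u in updates if u.security]
    elevated, unsatisfied = [], []
    queue = list(selected)
    while queue:
        upd = queue.pop()
        for dep, minver in sorted(upd.requires.items()):
            have = [base.get(dep, ())] + [s.version for s in selected if s.name == dep]
            if max(have) >= minver:
                continue  # release + already selected updates satisfy it
            candidates = [u for u in updates if u.name == dep and u.version >= minver]
            if not candidates:
                unsatisfied.append((upd.name, dep))
                continue
            pick = min(candidates, key=lambda u: u.version)  # smallest sufficient bump
            selected.append(pick)
            queue.append(pick)  # its own requirements must hold too
            if not pick.security:
                elevated.append(pick.name)
    return sorted(set(elevated)), unsatisfied

# Constructed sample: the security fix for "app" was built against a buildroot
# that already contained the non-security libfoo 1.2, which needs libbar 2.14.
BASE = {"app": (1, 0), "libfoo": (1, 0), "libbar": (2, 12)}
UPDATES = [
    Update("libbar", (2, 14), False, {}),
    Update("libfoo", (1, 2), False, {"libbar": (2, 14)}),
    Update("app", (1, 1), True, {"libfoo": (1, 2)}),
]

if __name__ == "__main__":
    print(security_only_closure(BASE, UPDATES))
```

An empty `elevated` list means the security updates install cleanly on the release alone; anything in `unsatisfied` is a security update that would be broken for security-only followers.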