Re: Update ImageMagick in Fedora 16

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



28.05.2012 16:23, Kalev Lember wrote:
On 05/27/2012 10:28 PM, Pavel Alexeev wrote:
Hi.

Due to the security issues ([1] for example) and act as newcomer
provenpackager I'll plan update ImageMagick in Fedora 16 too (I should
had been done it early off course). It seams addressed in rawhide.
Hi Pavel,

I'm not sure it's a good idea to do ImageMagick soname bump and a large
scale rebuild in a stable Fedora release. The last ImageMagick soname
bump in F17 was very painful, with broken deps in the repo for about a
month. Isn't it possible to backport the individual security patches to
F16 and avoid the ImageMagick ABI change?
It is main reason why I request provenpackager rights. In fedora 17 it was so painful because I several times asks build dependencies and then ask help to push updates too.
I think in that turn now I can do all that myself, so it should be smoother.

As there around 6 security issues, I think update upstream release is easiest, and furthermore robust way handle it.

 How are other distros handling
the security issue?

I'd also like to quote the Updates Policy for Stable Releases[1]: "ABI
changes in general are very strongly discouraged, they force larger
update sets on users and they make life difficult for third-party
packagers."

[1] http://fedoraproject.org/wiki/Updates_Policy#Stable_Releases
There also statement about security updates allowing that ( http://fedoraproject.org/wiki/Updates_Policy#Security_fixes ):
" If upstream does not provide security fixes for a particular release, and if backporting the fix would be impractical, then a package may be rebased onto a version that upstream supports. The definition of practicality is left to the judgement of FESCO and the packager."


-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux