28.05.2012 16:23, Kalev Lember wrote:
It is main reason why I request provenpackager rights. In fedora 17 it was so painful because I several times asks build dependencies and then ask help to push updates too.On 05/27/2012 10:28 PM, Pavel Alexeev wrote:Hi. Due to the security issues ([1] for example) and act as newcomer provenpackager I'll plan update ImageMagick in Fedora 16 too (I should had been done it early off course). It seams addressed in rawhide.Hi Pavel, I'm not sure it's a good idea to do ImageMagick soname bump and a large scale rebuild in a stable Fedora release. The last ImageMagick soname bump in F17 was very painful, with broken deps in the repo for about a month. Isn't it possible to backport the individual security patches to F16 and avoid the ImageMagick ABI change? I think in that turn now I can do all that myself, so it should be smoother. As there around 6 security issues, I think update upstream release is easiest, and furthermore robust way handle it. There also statement about security updates allowing that ( http://fedoraproject.org/wiki/Updates_Policy#Security_fixes ):How are other distros handling the security issue? I'd also like to quote the Updates Policy for Stable Releases[1]: "ABI changes in general are very strongly discouraged, they force larger update sets on users and they make life difficult for third-party packagers." [1] http://fedoraproject.org/wiki/Updates_Policy#Stable_Releases " If upstream does not provide security fixes for a particular release, and if backporting the fix would be impractical, then a package may be rebased onto a version that upstream supports. The definition of practicality is left to the judgement of FESCO and the packager." |
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
