ANN: Closing AC

Sun Dec 11 21:06:58 CET 2005

Cz at rny wrote:
> 
> Dnia Sun, 11 Dec 2005 16:07:23 +0100, Jakub Bogusz <qboosh at pld-linux.org>  
> napisaĹ‚:
> 
> > And what can I do with ISO full of security holes (or other serious
> > bugs), with only binary-incompatible updates on ftp?
> 
> Every sytem gets outdated and with security holes with time. We do the  
> main ftp the best w can, so it is as secure, as we make it ( not counting  
> holes, that get found later ).
> 
> What do we get? and iso, that could be installed and used, and updtaes? If  
> main is well made, then upgrade with poldek should make the instalation  
> compatibile with main.

Assume that iso contents == main, assume that ready contains binary
incompatible packages (eg. because of glibc/gcc/g++ update), assume that
every third package (existent in main) does not build yet (need new version,
some other fix or just some work). And assume that a big hole is found in
one of the most important packages (eg. openssl); bugfix available in ready.

What one can do?
- upgrade to ready - not possible because of missing packages
- building a bugfix package and move it to main - not possible because of
  incompatible builder envinronment
- ???

/me and qboosh suggest that when making a big, incompatible change in distro
some kind of updates (in old envinronment) should be supported at least to
the moment when the "packages after change" set becomes at least as stable
as the previous release. This is incompatible with suggested development
model.

And note that such a big change may take months to be finished.
And often a next big change starts before the previous one is finished
leading to never fully usable package set.

-- 
=======================================================================
  Andrzej M. Krzysztofowicz                ankry at mif.pg.gda.pl
  phone (48)(58) 347 14 61
Faculty of Applied Phys. & Math.,   Gdansk University of Technology