On Fri, 2004-12-10 at 10:07 +0100, Wouter Verhelst wrote: > If this is what's going to happen, then the first time a security fix > comes along in one of those binaries the system suddenly isn't > LCC-compiant anymore (due to the fact that different distributions > handle security updates differently -- one backports fixes, the other > throws in the newest upstream release).
Because the LCC is developed collaboratively by the distros that use it, this won't happen--the security fix will be applied to the LCC core, and the distros that are based on the LCC will incorporate the result in a uniform, consistent manner. In other words, there will be a single security update policy, not divergent ones for each LCC-based distro. > It'll also severely hurt a distribution's ability to easily update to > the newest upstream, or even to release when it's ready (but the next > version of the LCC for some reason isn't). The LCC core will be reproducible from source, so if a distro wishes to do something differently, it may do so--though at the risk of losing certifications (and the ability to call it LCC-based, since it won't be, by definition, as long as its core is different from the LCC core). -- Ian Murdock 317-578-8882 (office) http://www.progeny.com/ http://ianmurdock.com/ "All men dream: but not equally. Those who dream by night in the dusty recesses of their minds wake in the day to find that it was vanity: but the dreamers of the day are dangerous men, for they may act their dreams with open eyes, to make it possible." -T.E. Lawrence
