Dominique's suggestion makes sense. There's no issue changing the latest
release and having fis-gtm reflect that, so that someone installing
fis-gtm always gets the latest release. My concern is just to make sure
that installing the latest release when fis-gtm is updated should not
delete prior releases already on the system.
With respect to Thorsten's question about security and grave bugs: So
far, we have been lucky and to date have never had a grave bug that
caused us to withdraw a release. With respect to security issues, we
have had two security issues in the last so many years (actually, one
issue in 2007, followed by a second because the fix for the first issue
was not complete). As the vulnerability was not in the GT.M core, we
were able to distribute a fix that wrapped & isolated the vulnerable
component and could be retrofitted to existing installations of older
releases. If & when any security issue comes up in the future, we would
have to look the specifics to decide on a course of action. By design,
GT.M has a very simple security philosophy and model, which makes it
easier for us to keep it simple. The opening sentence in Appendix E
(Security Philosophy) of the Administration and Operations Guide starts,
"The general GT.M philosophy is to use the security of the underlying
operating system."
Regards
-- Bhaskar
On 02/10/2014 02:38 PM (US Eastern Time), Dominique Belhachemi wrote:
There is no big difference to all the other packages in Debian.
Transitions happen all the time.
Just let the latest stable release propagate into testing. Luis is
setting up the git packaging infrastructure to make a transition from
one release to another release as smooth as possible. We can deal with
all the other issues when they arise.
Best
-Dominique
On Mon, Feb 10, 2014 at 2:27 PM, Karsten Hilbert
<[email protected] <mailto:[email protected]>> wrote:
On Mon, Feb 10, 2014 at 07:30:06PM +0100, Thorsten Alteholz wrote:
> > More precisely we are talking about versions:
> >
> > fis-gtm-6.0 (currently in Debian)
> > fis-gtm-6.1 (recently released upstream)
> > fis-gtm-6.2 (to be released upstream by mid 2014)
>
> Assuming that these packages are in unstable and a security or grave
> bug will be found that affects all versions. As far as I understood
> only a new version fis-gtm-6.3 will be released. All other version
> remain unchanged.
That's correct. In fact, the "air" of what fis.gtm seems to
have been conveying is "there are no grave or security bugs".
Karsten
--
GPG key ID E4071346 @ gpg-keyserver.de <http://gpg-keyserver.de>
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346
--
To UNSUBSCRIBE, email to [email protected]
<mailto:[email protected]>
with a subject of "unsubscribe". Trouble? Contact
[email protected] <mailto:[email protected]>
Archive:
http://lists.debian.org/[email protected]
--
GT.M - Rock solid. Lightning fast. Secure. No compromises.
_____________
The information contained in this message is proprietary and/or confidential.
If you are not the intended recipient, please: (i) delete the message and all
copies; (ii) do not disclose, distribute or use the message in any manner; and
(iii) notify the sender immediately. In addition, please be aware that any
message addressed to our domain is subject to archiving and review by persons
other than the intended recipient. Thank you.
