On Mon, Feb 02, 2004 at 07:22:42PM +0100 or thereabouts, Olivier Cr?te wrote: > A few details.. I find '~stable:<arch>' a bit odd.. "unstable stable"
~masked ebuilds are not "unstable". They are "untested". Same thing here. > Maybe one year is still too short? I'd propose a much longer period (3 > years), I understand that this is a lot of work for the infrastructure, > but even at 3 years, its max 12 ebuilds per package... I don't object to making it longer, although I think 3 years is sort of extreme. Also, this GLEP does not talk about, nor do I personally have any interest in, trying to back-port fixes from new packages to versions that are 3 years old. As it stands with this GLEP, if the upstream maintainer decides to fix a security vulnerability by releasing a new version, we will most likely force people to upgrade that package to get that fix. If the Gentoo package maintainer wants to back-port, that's his/her business. However, there are no provisions made in this GLEP for specifically back-porting things to packages in the ~stable tree. > And there should be an easy way to stay on an old release and just > update security fixes... That is planned as part of this GLEP. Currently, the proposed duration is 12 months. If enough people want a longer duration, and the devs don't mind committing to supporting a release for that long, then fine. > And also, there should be a small team that > controls access to that tree in between releases. To make sure that only > essential stuff is committed and that enough QA is done.. The purpose of this GLEP is just to establish a separate tree. If the QA team later wants to impose more strict requirements on access to the tree, that's certainly something I would personally support. --kurt
pgp00000.pgp
Description: PGP signature
