On Tue, 2004-02-03 at 11:23, Kurt Lieber wrote:
> On Tue, Feb 03, 2004 at 10:37:50AM -0500 or thereabouts, Chris Gianelloni wrote:
> > I still like the idea of separate rsync branches.
> >
> > gentoo-2004.0-stable and gentoo-2004.0-updates, both taken via rsync
> > with -stable being static per release and -updates being dynamic and an
> > overlay to ensure it always overrides the -stable unless a user emerges
> > a =cat/ver combo from stable.
>
> So if I understand you correctly, you're suggesting having a total of 8
> rsync branches:
>
> gentoo-2004.0-stable
> gentoo-2004.0-updates
> gentoo-2004.1-stable
> gentoo-2004.1-updates
> ...
> gentoo-2004.3-updates
>
> Is that correct?

That is correct.

> If so, I like the idea in theory, but how do you make sure security fixes
> get into all the appropriate trees? I can see a huge QA nightmare with
> devs forgetting to include some critical security fix in the older trees.

The "stable" team would help ensure this. It would take quite a bit more
work, for sure, but I think the payoff is worth it in the long run.

> Then there's the whole issue of dependencies of security updates that I
> mentioned in my reply to danarmak. That would still be a problem here.

This could definitely be a problem if we don't get a large enough group
working on the project. I would think in most cases we would attempt to
backport patches to the older versions, if possible, and update
dependencies only as a last resort. It would require a slight change to
our GLSAs to include information about the dependencies. The main
function of the "stable" tree is to provide a much more static target
for users who wish to have a "standardized" environment. By listing
dependencies, the administrator would be able to test the changes before
making them in his environment.

> We could write a whole crapload of logic into repoman so it could help with
> this, but that's a lot more invasive than I had planned on this GLEP being.

I agree. I don't think repoman should take care of it beyond possibly
checking to make sure all items directly in DEPEND/RDEPEND for a given
package are marked stable when the package is marked stable. I think the
best way to do this would be to have a good team working on the project.
Security updates are always something that needs to be taken very
seriously and there are a lot of very talented people out there. I
don't think we would have a problem finding people if we needed help.
The Gentoo community is just awesome for such things.

> That said, I do like the idea if you can help me understand how it's
> manageable without being overly cumbersome to implement.

Honestly, I don't know that this is something that we could do at the
moment, but it seems like it would be a great thing to shoot for as a
goal. This would also be the perfect platform for a "boxed" Gentoo, as
it would be much more like a "traditional" distribution in releases, yet
still offer much of the power and flexibility of Gentoo. There could
also be a fairly easy transition to the "other" Gentoo via a simple
make.conf setting. Making the current portage tree into a -current
would be very feasible. This would have -current being the way things
are now, and the release trees being the more frozen tree.

Like I said before, it *is* a long road and a ton of work, but I think
it would make for an excellent roadmap for Gentoo's future without
compromising people's wishes for where Gentoo is going and also for
where it is now.

> > Dual portage trees require no portage changes as portage supports
> > multiple overlays now.
>
> OK, good to know. I wasn't sure if this was fully functional yet. That
> said, is it easy to use? Can I type "emerge sync --updates-overlay" or
> something similar? If we're expecting users to use rsync directly, then I
> think that's probably unrealistic.

I haven't used it much yet, but I think something like possibly an
"updates" keyword for emerge would work wonders. "emerge sync/rsync"
for the /usr/portage tree, be it -current or -2004.0, etc and a "emerge
updates" for updating the releases. The emerge updates could perform
the same function as emerge sync when running on a -current tree.

-- 
Chris Gianelloni
Developer, Gentoo Linux
Games Team

Is your power animal a penguin?
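
The limited repoman check described in the message above (every package listed directly in DEPEND/RDEPEND of a stable package must itself be stable on that arch), written out as an added Python example. It is not repoman's code and not part of the original thread. The tree dictionary, the versions and keywords in it, and the function names are constructed for illustration, and version constraints in atoms are ignored (any stable version of the dependency counts).

```python
import re

# Dependency atom: optional operators, cat/pkg, optional -version suffix.
ATOM = re.compile(r"^[<>=~!]*([\w+.-]+/[\w+-]+?)(?:-\d\S*)?$")

# Constructed sample tree: {cat/pkg: {version: ebuild metadata}}.
TREE = {
    "net-misc/openssh": {"3.7.1_p2": {
        "KEYWORDS": "x86 ppc ~sparc",
        "DEPEND": ">=dev-libs/openssl-0.9.6 sys-libs/zlib",
        "RDEPEND": ">=dev-libs/openssl-0.9.6 sys-libs/pam"}},
    "dev-libs/openssl": {"0.9.7c": {"KEYWORDS": "x86 ~ppc"}},
    "sys-libs/zlib": {"1.2.1": {"KEYWORDS": "x86 ppc"}},
    "sys-libs/pam": {"0.77": {"KEYWORDS": "~x86 ~ppc"}},
}

def stable_arches(keywords):
    """Arches marked stable: bare 'x86', not testing '~x86' or masked '-x86'."""
    return {k for k in keywords.split() if k[0] not in "~-"}

def dep_packages(depstring):
    """cat/pkg names required directly by a DEPEND/RDEPEND string.

    USE conditionals ('ssl?'), grouping tokens and '!' blockers are skipped;
    members of an any-of group are all checked, which is conservative.
    """
    pkgs = set()
    for tok in depstring.split():
        m = ATOM.match(tok)
        if m and not tok.startswith("!"):
            pkgs.add(m.group(1))
    return pkgs

def unstable_deps(tree):
    """Return (package-version, arch, variable, dependency) for every direct
    dependency that has no version marked stable on an arch where the
    depending package is itself marked stable."""
    problems = []
    for cp, versions in sorted(tree.items()):
        for ver, meta in sorted(versions.items()):
            for arch in sorted(stable_arches(meta.get("KEYWORDS", ""))):
                for var in ("DEPEND", "RDEPEND"):
                    for dep in sorted(dep_packages(meta.get(var, ""))):
                        candidates = tree.get(dep, {}).values()
                        if not any(arch in stable_arches(c.get("KEYWORDS", ""))
                                   for c in candidates):
                            problems.append((f"{cp}-{ver}", arch, var, dep))
    return problems

if __name__ == "__main__":
    for pkg, arch, var, dep in unstable_deps(TREE):
        print(f"{pkg}: stable on {arch} but {var} entry {dep} is not")
```

Run against a release tree, a non-empty result lists the packages whose stable marking, or whose security update, would pull in something outside the stable set.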
