Hi Stephen, On Thursday 10 February 2005 05:51, stephen white wrote: > On 10/02/2005, at 2:17 AM, Sune Kloppenborg Jeppesen wrote: > > We'll only be supporting a subset of Portage with selected server > > packages, > > only a subset of USE flags and only x86 for now. > > This doesn't really meet my needs, because it will run into the same > problems as Debian. A stable or frozen tree does NOT meet the > requirements for CM/QA processes, even if the selected packages are > perceived to be more stable. We figured. So we're planning to make the tools available for all to abuse:-)
> > The problem is that the selected stable packages are only stable for > the maintainer, and doesn't even begin to handle the range of > environments and situations which they are deployed into. As Andrew > Cowie has pointed out, everyone is effectively responsible for creating > their own distribution - which is why Gentoo is useful as a metatool. > > If I take a random snapshot of portage, and subject the packages to > testing within my environment, then that portage tree is 'stable' for > my purposes even if it's wildly wrong for everyone else. Therefore I > need to be able to maintain that snapshot however I need in order to > keep my environment stable in the face of change. > > What I need is a way for glsa-check to be able to apply security > updates without affecting my portage tree. The updates should overlay > or be marked somehow, allowing me to continue to use my selected > portage snapshot baseline without exposing me to security problems over > time. This will work in most cases but not all. We'll provide support for 'our' snapshots but when a security fix suddenly require an updated eclass or something else not provided in the updated ebuild or in your portage snapshot you'll have to fix the problem. > This is something I can handle myself, but I felt the need to point out > why I think this GLEP19 is going down a dead end. It will not be useful > and merely replicates current practice. I am quite sure that many admins out there do not use a clean approach like you describe above and would benifit from this initiative. Also if you have developed a solid solution so we can mix contents from different snapshots without any problems please let us know:-) -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
pgp7YO012IhbM.pgp
Description: PGP signature
