stephen white wrote: > On 10/02/2005, at 2:17 AM, Sune Kloppenborg Jeppesen wrote: > >> We'll only be supporting a subset of Portage with selected server >> packages, >> only a subset of USE flags and only x86 for now. > > > This doesn't really meet my needs, because it will run into the same > problems as Debian. A stable or frozen tree does NOT meet the > requirements for CM/QA processes, even if the selected packages are > perceived to be more stable.
Yes, the main goal for this GLEP is to get a stable tree that isn't a moving target constantly. We're hoping that it'll make it better for us to do QA down the road, but first we need to have something thats at least somewhat stable. I'm trying to make sure any tools we use to create our snapshot will be available to our users so they can do this own their own if they would like! > The problem is that the selected stable packages are only stable for the > maintainer, and doesn't even begin to handle the range of environments > and situations which they are deployed into. As Andrew Cowie has pointed > out, everyone is effectively responsible for creating their own > distribution - which is why Gentoo is useful as a metatool. See above :) We'll try and make tools that will help enable you to create your own set of packages you deem to be stable. > If I take a random snapshot of portage, and subject the packages to > testing within my environment, then that portage tree is 'stable' for my > purposes even if it's wildly wrong for everyone else. Therefore I need > to be able to maintain that snapshot however I need in order to keep my > environment stable in the face of change. See above :) > What I need is a way for glsa-check to be able to apply security updates > without affecting my portage tree. The updates should overlay or be > marked somehow, allowing me to continue to use my selected portage > snapshot baseline without exposing me to security problems over time. This might be doable since we're thinking of creating daily snapshots that are diff'd from the original snapshot. We can certainly try to make that option viable for you. But if you have a package we don't have in our own tree you will need to patch/backport that package on your own. > This is something I can handle myself, but I felt the need to point out > why I think this GLEP19 is going down a dead end. It will not be useful > and merely replicates current practice. If you have a better suggestion please tell us! We've gone through multiple scenarios of different ways of making this work. Truthfully, the nature of portage in its current state is hard to make it work when you lock it down in a snapshot. It works great if it moves around a lot, but for what we need, its becoming a major pain. We're trying our best to come up with a solution that will work for almost everyone. -- Lance Albertson <[EMAIL PROTECTED]> Gentoo Infrastructure --- Public GPG key: <http://www.ramereth.net/lance.asc> Key fingerprint: 0423 92F3 544A 1282 5AB1 4D07 416F A15D 27F4 B742 ramereth/irc.freenode.net
signature.asc
Description: OpenPGP digital signature
