Am Mittwoch 16 August 2006 12:18 schrieb Ian P. Christian: > On 08/16/06 Paul Kölle wrote: > > The basic problem here is: Upstream may not publish "security fixes" > > but just a new (fixed) version. If you want a "stable" tree, you have > > to watch upstream cvs/svn/mailing lists and backport fixes. That is a > > lot of work. > > that infrastructure is already in place in gentoo. Package maintainers > do it... they need to just make it clear when they update an ebuild > weather it's a general upgrade, or a security upgrade.
I think every update because of security reasons has a security announcement. I would be willing to start such a stable tree, I am thinking of taking a current portage tree, delete all ~arch ebuilds and create an overlay. Every time a security announcement is fired up I will add the newer ebuild to the overlay, checking for any really needed depencies. The main portage tree will be updatedwith every new release, and the older trees will be supported until three new releases. Supported architecture would be currently only x86. The overlay and the portage snapshot will I make public available. What do you think about this? The main problem is that it does not match the philosophy of gentoo. If other architectures should also be available it would be a lot of work. Regards Jan -- [email protected] mailing list
