On 22.08.2011 13:08, Lester Caine wrote:
> Reindl Harald wrote:
>> there should be placed diff-files for security fixes directly on the download-page
>> they could be easily included in rpmbuild/spec-file if they are matching to the latest
>> tar.bz2, but the current release process does not support this and forces users,
>> if they want their machines as secure as possible, to grab in the VCS manually
>> and hope to make no mistake by making this on their own - it is a huge difference
>> for an administrator to include provided patches in a spec-file or deal with the
>> whole php-source
>
> Actually this is possibly another argument for a properly managed DVCS setup? On other projects I can pick
> critical commits and apply them, and it flags when other bits need to be implemented as well. Almost does away
> with the need to produce actual releases, but you do need to differentiate security fixes from simple 'improvements'?

this has really nothing to do with DVCS

a patch is security-critical or not, and if it is atomic enough to be sure that there are no big side-effects to expect, it would be really fine to include it directly on the download-page with short description and date, so any linux-distribution or people like me who are building their own RPMs based on those of the distribution can easily download and include it in the SPEC-file without touching the released tar.bz2, which gives the benefit that the patch can be reverted by adding a simple # before the line in the SPEC-file

this is the biggest benefit of rpmbuild: you never have to touch the tarball, because rpmbuild is creating a new clean build-environment, unpacking the tarball in it and applying patches from the SPEC directly before compiling the source