Le 13/04/2014 19:06, Bruce Dubbs a écrit : > I would like to get the opinion of the community. Right now we have > four tickets: > > #3537 MPFR-3.1.2 Patchlevel 5 > #3536 Fix BC-1.06.95 bug > #3532 Readline-6.3 patchlevel 3 > #3532 Bash-4.3 patchlevel 8 > > All of these call for adding patches from upstream. My question is > whether it should be the policy of LFS to add these types of upstream > patches to the book when upstream does not feel the need to release a > new stable version to make these fixes. > > In the case of BC, I think that it may be reasonable since there has > been no stable releases since 2006. However, the fact that the problem > has evidently been around for 8 years and is now just coming up > indicates the level of importance. > > For the others, I'm even less sure. > > My problem is not with making the specific patches mentioned, but what > the policy should be. Should we be checking all packages daily for > these types of patches? Clearly that would be a time consuming task. > > If we are going to patch, what patches should be used? There are > patches from various sources: Debian, Arch, Gentoo, as well as the > originating site. These are not always the same. > > Generally, these patches address corner cases and rarely come up in > common usage. > > What's your opinion? > > -- Bruce > I am not sure either: - for packages which do not have frequent releases (clearly, bash and readline, but also ncurses comes to mind), I would say that upstream patches are equivalent to new point versions of other packages, so maybe include them. - when there is a security threat, it usually is fixed rapidly upstream, but often only in svn or git. Take the patch from the commit. - when the package does not build, of course, we have to release patches. Where to preferably take them, I do not know.
Pierre -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page