on Tue, 26 Jul 2011 17:20 in the Usenet newsgroup gmane.linux.mageia.devel Samuel Verschelde wrote:
> Le mardi 26 juillet 2011 07:56:36, blind Pete a écrit : >> on Tue, 26 Jul 2011 08:34 >> in the Usenet newsgroup gmane.linux.mageia.devel >> Samuel Verschelde wrote: >> >> [snip] >> >> > *** Old backports *** >> > Remove old backports when newer ones are submitted >> > - otherwise we let people use old bugged or plagged with security issues >> > packages, when they don't necessarily know that there are problems with >> > them - simpler choice : users have to choose between the version in >> > updates and the one in backports, not more >> > - less space on mirrors (fear wesnoth and vegastrike multiple backports >> > !) >> > >> > Thank you for reading. >> > >> > Best regards, >> > >> > Samuel Verschelde >> >> It is theoretically possible that there could be multiple versions with >> bug fixes and feature enhancements with no known security problems in any >> of them. FireFox appears to be almost going down that path. I think >> that FF 5 is just FF 4.0.3 with a silly name - please correct me if I am >> wrong - and 5 should obsolete 4. But I can imagine several versions >> existing during the life of a LTS release. >> >> The deletion criteria should be, "there is a vulnerability that that is >> not going to be fixed". That is usually, but not always the same as, >> "there is a new version". > > Are you going to check every existing backport for vulnerabilities so that we > can choose which versions to delete ? No. It it requires work, that is a good reason for not doing it. I was assuming that the packager for XYZ would be on a mailing list and when an email arrived that said version 7 need work, then remove it. > If not, I don't think this is realistic > to support 5 versions of the same package at the same time. Let's go with the > simpler approach. If things don't work like I imagined, sorry for the noise. Simple and trustworthy is better than complex and untrustworthy. > Best regards > > Samuel Verschelde -- Sig goes here... blind Pete
