Sander Lepik skrev 26.6.2012 23:15:
26.06.2012 22:25, Thomas Backlund kirjutas:
* backports is supported as long as the rest of the release
Comments? Questions ?
I think we should change the wording from "supported" to "tested". Currently we
can
"support" backport with a newer version of the backport. But i don't think it's
a wise move
to mark backports repo as an updates repo. So i don't see how we can _support_
backports.
And QA has no time to deal with updates for backports (i mean to search for
security holes
in backports). But this can be discussed tomorrow.
Well,
It's the backporters job to make sure its fixed for security issues as
stated by:
* if you backport anything, (regardless if you are the real
maintainer or not) you accept the responsibility of
handling the bugreports against the backport and make sure
it gets patched (or upgraded) to get security fixes.
It's not supposed to be flagged as an update repo as that would make it
upgrade all packages it find in the system with matching backports packages.
So we need to either create a "backports update applet" or extend
current update applet.
(or "worst case" until we get it automated tell the user of backported
packages to make sure they check if a new/fixed rpm is available in
backports)
And there will still be some advisory notifying people of new backports,
just like we do for security and bugfix updates now.
--
Thomas
