[gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in www-apps/drupal: drupal-5.23.ebuild ChangeLog drupal-6.19.ebuild drupal-6.16.ebuild drupal-6.17.ebuild drupal-5.22.ebuild
On Mon, 16/08/2010 at 18:04 +, Alexey Shvetsov (alexxy) wrote:
> alexxy 10/08/16 18:04:52
>
> Modified: ChangeLog
> Added: drupal-5.23.ebuild drupal-6.19.ebuild
> Removed: drupal-6.16.ebuild drupal-6.17.ebuild drupal-5.22.ebuild
> Log:
> [www-apps/drupal] Version bump

Always reference bug number and mention people that spent time reporting problems in our bugzilla. Please, add bug # and attribution into ChangeLog. Also with version bump it's always a good idea to keep previous version to allow re-installation of previous versions in the case of regressions.

https://bugs.gentoo.org/show_bug.cgi?id=323399

--
Peter.
Re: [gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in www-apps/drupal: drupal-5.23.ebuild ChangeLog drupal-6.19.ebuild drupal-6.16.ebuild drupal-6.17.ebuild drupal-5.22.ebuild
On Tue, 17 Aug 2010 10:46:10 +0400, Peter Volkov p...@gentoo.org wrote:
> On Mon, 16/08/2010 at 18:04 +, Alexey Shvetsov (alexxy) wrote:
> > alexxy 10/08/16 18:04:52
> >
> > Modified: ChangeLog
> > Added: drupal-5.23.ebuild drupal-6.19.ebuild
> > Removed: drupal-6.16.ebuild drupal-6.17.ebuild drupal-5.22.ebuild
> > Log:
> > [www-apps/drupal] Version bump
>
> Always reference bug number and mention people that spent time reporting problems in our bugzilla. Please, add bug # and attribution into ChangeLog. Also with version bump it's always a good idea to keep previous version to allow re-installation of previous versions in the case of regressions.
>
> https://bugs.gentoo.org/show_bug.cgi?id=323399

That's rather https://bugs.gentoo.org/show_bug.cgi?id=332541

I agree that the bug # should be referenced, but as for removing the old versions, that's something we usually ask people to do after bumping packages with security issues to minimize the risk of people installing possibly vulnerable versions.

--
Alex Legler | Gentoo Security / Ruby
a...@gentoo.org | a...@jabber.ccc.de
Re: [gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in www-apps/drupal: drupal-5.23.ebuild ChangeLog drupal-6.19.ebuild drupal-6.16.ebuild drupal-6.17.ebuild drupal-5.22.ebuild
Ok =) Next time I'll add bug numbers =) Actually I simply forgot about them.

2010/8/17 Alex Legler a...@gentoo.org:
> On Tue, 17 Aug 2010 10:46:10 +0400, Peter Volkov p...@gentoo.org wrote:
> > On Mon, 16/08/2010 at 18:04 +, Alexey Shvetsov (alexxy) wrote:
> > > alexxy 10/08/16 18:04:52
> > >
> > > Modified: ChangeLog
> > > Added: drupal-5.23.ebuild drupal-6.19.ebuild
> > > Removed: drupal-6.16.ebuild drupal-6.17.ebuild drupal-5.22.ebuild
> > > Log:
> > > [www-apps/drupal] Version bump
> >
> > Always reference bug number and mention people that spent time reporting problems in our bugzilla. Please, add bug # and attribution into ChangeLog. Also with version bump it's always a good idea to keep previous version to allow re-installation of previous versions in the case of regressions.
> >
> > https://bugs.gentoo.org/show_bug.cgi?id=323399
>
> That's rather https://bugs.gentoo.org/show_bug.cgi?id=332541
>
> I agree that the bug # should be referenced, but as for removing the old versions, that's something we usually ask people to do after bumping packages with security issues to minimize the risk of people installing possibly vulnerable versions.
>
> --
> Alex Legler | Gentoo Security / Ruby
> a...@gentoo.org | a...@jabber.ccc.de

--
Best Regards,
Alexey 'Alexxy' Shvetsov
Petersburg Nuclear Physics Institute, Russia
Department of Molecular and Radiation Biophysics
Gentoo Team Ru
Gentoo Linux Dev
mailto:alexx...@gmail.com
mailto:ale...@gentoo.org
mailto:ale...@omrb.pnpi.spb.ru
Re: [gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in www-apps/drupal: drupal-5.23.ebuild ChangeLog drupal-6.19.ebuild drupal-6.16.ebuild drupal-6.17.ebuild drupal-5.22.ebuild
On Tue, 17/08/2010 at 11:27 +0200, Alex Legler wrote:
> but as for removing the old versions, that's something we usually ask people to do after bumping packages with security issues to minimize the risk of people installing possibly vulnerable versions.

I agree with removal but not immediately. Personally I already had issues with another web application: it worked in my installation, but people were unable to use it after security fix. Since having vulnerable but working installation is better than fixed but broken, I'd rather always kept old versions for some time.

Also it's not a big problem to have old versions in the tree since you have to specify version number explicitly to install them...

--
Peter.
Re: [gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in www-apps/drupal: drupal-5.23.ebuild ChangeLog drupal-6.19.ebuild drupal-6.16.ebuild drupal-6.17.ebuild drupal-5.22.ebuild
On Tue, 17 Aug 2010 16:11:42 +0400, Peter Volkov p...@gentoo.org wrote:
> On Tue, 17/08/2010 at 11:27 +0200, Alex Legler wrote:
> > but as for removing the old versions, that's something we usually ask people to do after bumping packages with security issues to minimize the risk of people installing possibly vulnerable versions.
>
> I agree with removal but not immediately. Personally I already had issues with another web application: it worked in my installation, but people were unable to use it after security fix.

In that case: Reopen the bug and inform us. Besides, you should only get issues when dealing with ~arch ebuilds as they're not tested. But that's what you get for using testing. *shrug*

> Since having vulnerable but working installation is better than fixed but broken,

No offense, but that's just naive.

> I'd rather always kept old versions for some time.

Use a local overlay then.

> Also it's not a big problem to have old versions in the tree since you have to specify version number explicitly to install them...

You obviously haven't been in our support venues and seen what some people are able to do...

--
Alex Legler | Gentoo Security / Ruby
a...@gentoo.org | a...@jabber.ccc.de