On Sat, 2010-11-27 at 12:10 -0800, Clint Byrum wrote: > Also, why would 10.10 need to be updated in any way if it already > supports the newer protocol?
In 10.10 and 11.04, we already ship CouchDB 1.0. Why should users continue to have two versions installed after an upgrade to either of those versions of Ubuntu? We will have to ship updates so that the package splitting we might do, would be reconciled on upgrade. > > There are also other security fixes included in the set of changes from > > 0.10 to 1.0, which means anyone actually using 0.10 is probably going to > > have to update anyway. > > > > Our security team backports security fixes to the released version in an > LTS, so I'm not sure how that is relevant. > The situation is similar to that of Firefox. CouchDB is not a simple package. The fixes are not simply applied to the older version. They are fairly invasive. Otherwise, we wouldn't be having this 3 month long conversation trying to come up with an amicable solution for all parties, as we would have already backported the fix we need. And I'm sure an SRU would have been in that case, were it possible. With Firefox and other Mozilla projects in the past, security updates have been issued by upgrading to a newer major version of the package in question.
signature.asc
Description: This is a digitally signed message part
-- ubuntu-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
