On 11/27/2010 09:55 PM, Rodney Dawes wrote: > On Sat, 2010-11-27 at 12:10 -0800, Clint Byrum wrote: >> Also, why would 10.10 need to be updated in any way if it already >> supports the newer protocol? > In 10.10 and 11.04, we already ship CouchDB 1.0. Why should users > continue to have two versions installed after an upgrade to either of > those versions of Ubuntu? We will have to ship updates so that the > package splitting we might do, would be reconciled on upgrade. > >>> There are also other security fixes included in the set of changes from >>> 0.10 to 1.0, which means anyone actually using 0.10 is probably going to >>> have to update anyway. >>> >> Our security team backports security fixes to the released version in an >> LTS, so I'm not sure how that is relevant. > The situation is similar to that of Firefox. CouchDB is not a simple > package. The fixes are not simply applied to the older version. They are > fairly invasive. Otherwise, we wouldn't be having this 3 month long > conversation trying to come up with an amicable solution for all > parties, as we would have already backported the fix we need. And I'm > sure an SRU would have been in that case, were it possible. With Firefox > and other Mozilla projects in the past, security updates have been > issued by upgrading to a newer major version of the package in question. Firefox is not a client library that others base applications on. Xulrunner is, however, when we did a major upgrade of xulrunner in Hardy, we left the xulrunner-1.9 source package and added a xulrunner-1.9.2 source. We ported the vulnerable applications to the xulrunner-1.9.2 source. This left the 3rd party applications to update on their own if they chose to. Also, Firefox has a Microrelease exception. If this is going to be an ongoing problem for couchdb, there should be a discussion about how to handle upgrades on a regular basis.
Micah -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel