public inbox for gentoo-dev@lists.gentoo.org
 help / color / mirror / Atom feed
From: Mart Raudsepp <leio@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] URGENT: exotic arches need Qt 4.5.3 stabilization
Date: Mon, 09 Nov 2009 19:51:27 +0200	[thread overview]
Message-ID: <1257789087.16908.10.camel@localhost> (raw)
In-Reply-To: <e117dbb90911090533v2119b4a3n50ff9b983f3eab89@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 1996 bytes --]

On Mon, 2009-11-09 at 14:33 +0100, Ben de Groot wrote:
> I am of the opinion it is irresponsible to leave vulnerable versions of Qt with
> known security bugs any longer in the tree. The Qt team therefore requests
> that arches that have not done so already move quickly on stabilizing Qt
> 4.5.3, see bug 290922 and 283810.

It is more irresponsible and outright wrong to remove the latest stable
revision of a package for some arches, despite security implications.
Hard masking constitutes the same - the last stable version is not in
stable visibility anymore.

You can however remove the keywords of the arches from older versions
that do have a newer version/revision stable as seen in all profiles.


> We plan on REMOVING or at the very least HARDMASKING pending removal
> all <=4.5.2 ebuilds by the end of this week. This means that arches that have
> not stabilized 4.5.3 would loose their stable Qt4 version.

How do you see this being acceptable for the users of these
architectures? Many of these architectures that are "lagging behind" not
being even security supported architectures.

> Please let us know if there is any way in which we can assist arches. We
> are aware that some arches are down to one active person. But if there is
> no other way, maybe the status of such arches should be reconsidered.

It seems most these arches that are at ~1 person are not security
supported either

> We especially request ppc64 to be marked as an experimental arch, as it
> is the worst one lagging in stabilization. See bug 281821 for a poignant
> example, a 3 months open security bug.

First its security supported status should be considered, not making it
an experimental arch, as that could very well throw it in a backwards
spiral of getting more and more problematic due to repoman iirc not
checking issues with it by default.

-- 
Mart Raudsepp
Gentoo Developer
Mail: leio@gentoo.org
Weblog: http://planet.gentoo.org/developers/leio

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 197 bytes --]

  parent reply	other threads:[~2009-11-09 17:52 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-11-09 13:33 [gentoo-dev] URGENT: exotic arches need Qt 4.5.3 stabilization Ben de Groot
2009-11-09 17:15 ` Tobias Klausmann
2009-11-09 17:51 ` Mart Raudsepp [this message]
2009-11-09 19:41 ` Joseph Jezak
2009-11-09 20:11   ` Ben de Groot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1257789087.16908.10.camel@localhost \
    --to=leio@gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox