From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1N7YPJ-0005XP-2H for garchives@archives.gentoo.org; Mon, 09 Nov 2009 17:52:01 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 34183E08EA; Mon, 9 Nov 2009 17:52:00 +0000 (UTC) Received: from smtp-out.neti.ee (smtp-out.neti.ee [194.126.126.37]) by pigeon.gentoo.org (Postfix) with ESMTP id 0896AE08EA for ; Mon, 9 Nov 2009 17:52:00 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by relay211.estpak.ee (Postfix) with ESMTP id D33F948EBB87 for ; Mon, 9 Nov 2009 19:51:58 +0200 (EET) X-Virus-Scanned: amavisd-new at estpak.ee Received: from smtp-out.neti.ee ([127.0.0.1]) by localhost (relay211.estpak.ee [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9jRVqWnoOmCk for ; Mon, 9 Nov 2009 19:51:55 +0200 (EET) Received: from NETI-Relayhost2.estpak.ee (neti-relayhost2.estpak.ee [88.196.174.199]) by relay211.estpak.ee (Postfix) with ESMTP id AEAC748EBA44 for ; Mon, 9 Nov 2009 19:51:55 +0200 (EET) X-SMTP-Auth-NETI-Businesmail: no Subject: Re: [gentoo-dev] URGENT: exotic arches need Qt 4.5.3 stabilization From: Mart Raudsepp To: gentoo-dev@lists.gentoo.org In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-BqpjiSMjatU1IzuruCZZ" Date: Mon, 09 Nov 2009 19:51:27 +0200 Message-Id: <1257789087.16908.10.camel@localhost> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 X-Mailer: Evolution 2.22.3.1 X-Archives-Salt: 6bf87583-de43-4a47-8f8a-b0f9b321a64d X-Archives-Hash: d5cdc3396f60167d0d69ee0fe6b75ff8 --=-BqpjiSMjatU1IzuruCZZ Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Mon, 2009-11-09 at 14:33 +0100, Ben de Groot wrote: > I am of the opinion it is irresponsible to leave vulnerable versions of Q= t with > known security bugs any longer in the tree. The Qt team therefore request= s > that arches that have not done so already move quickly on stabilizing Qt > 4.5.3, see bug 290922 and 283810. It is more irresponsible and outright wrong to remove the latest stable revision of a package for some arches, despite security implications. Hard masking constitutes the same - the last stable version is not in stable visibility anymore. You can however remove the keywords of the arches from older versions that do have a newer version/revision stable as seen in all profiles. > We plan on REMOVING or at the very least HARDMASKING pending removal > all <=3D4.5.2 ebuilds by the end of this week. This means that arches tha= t have > not stabilized 4.5.3 would loose their stable Qt4 version. How do you see this being acceptable for the users of these architectures? Many of these architectures that are "lagging behind" not being even security supported architectures. > Please let us know if there is any way in which we can assist arches. We > are aware that some arches are down to one active person. But if there is > no other way, maybe the status of such arches should be reconsidered. It seems most these arches that are at ~1 person are not security supported either > We especially request ppc64 to be marked as an experimental arch, as it > is the worst one lagging in stabilization. See bug 281821 for a poignant > example, a 3 months open security bug. First its security supported status should be considered, not making it an experimental arch, as that could very well throw it in a backwards spiral of getting more and more problematic due to repoman iirc not checking issues with it by default. --=20 Mart Raudsepp Gentoo Developer Mail: leio@gentoo.org Weblog: http://planet.gentoo.org/developers/leio --=-BqpjiSMjatU1IzuruCZZ Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.8 (GNU/Linux) iEYEABECAAYFAkr4Vp8ACgkQkeYb6olFHJcn/gCghVI5QHps4Yb1oW9VWlxh6f7j Rc8An1oAk3EdM9PvYrDhGX9VpDcqZKkx =1G8c -----END PGP SIGNATURE----- --=-BqpjiSMjatU1IzuruCZZ--