On Monday 09 August 2004 08:34, Greg KH wrote:
> On Sun, Aug 08, 2004 at 06:51:44PM +0000, Kurt Lieber wrote:
> > Third, many folks want long-term support of these releases.  I
> > *don't* think this is viable and am not willing to personally sponsor
> > this.  A core component of this GLEP is that we will *not* be
> > backporting security fixes.
>
> So what would happen for security fixes?  Rely on the latest release
> from upstream to be used instead?  This can cause real problems, as a
> lot of SATA users just found out with the most recent Fedora kernel
> update due to the security fix.  They went with the most recent kernel,
> which happened to rename their disk drives.

Testing is of course necessary. At each time it needs to be considered 
whether backporting or upgrading is the best way to go. In many cases 
backporting only amounts to isolating the changes to the current ebuild 
and applying that patch to the old version. One needs some knowledge of 
the programming language used to judge the probable impact but for many 
patches one can be quite confident that the impact is minimal.

>
> What is the downside of just backporting the security fixes to the
> versions marked "stable" (becides developer time)?  I really think this
> is something most people who want a "stable" tree will want to have (if
> for no other reason than that's how all the other Linux distros do it,
> and it will take less effort trying to explain why we don't...)

I agree that discounting backporting in advance might not be the best way 
to go. But I agree that our backporting resources are very limited.

Paul

-- 
Paul de Vrieze
Gentoo Developer
Mail: pauldv@gentoo.org
Homepage: http://www.devrieze.net