On Monday 09 August 2004 09:43, Barry Shaw wrote:
> Kurt Lieber wrote:
> | Second, there was some question about how often the tree would be
> | updated. The GLEP doesn't really specify this, but I think once a
> | year is a reasonable timeframe.
> |
> | Third, many folks want long-term support of these releases.  I
> | *don't* think this is viable and am not willing to personally sponsor
> | this.  A
>
> core
>
> | component of this GLEP is that we will *not* be backporting security
>
> fixes.
>
> | (at least not as a rule)  We will be relying on the versions that the
> | original authors provide except in very unusual circumstances.  The
> | reason for this is simple -- we don't have the resources to guarantee
> | that we can backport things (and, more importantly, guarantee that
> | they'll work right once backported)  Suppporting a profile for four
> | or more years almost guarantees you'll be doing a lot of backporting.
> |  I don't plan to incorporate long-term support as part of this GLEP. 
> | That might, however, be an excellent opportunity for commercial
> | companies with greater finanial resources than us.
>
> My main concern here is that if you've got a core server, which
> typically has lifetime of 3 to 4 years, you don't want to be
> reinstalling it every year (in many cases you can't).  That said, I
> agree that its unlikely there are resources to maintain a tree for
> years on end.  As a compromise, if some consideration was given to
> easing migration, that would be suitable.  Given the fact that servers
> have a very minimal level of software on them anyway, its probably not
> too much of a big deal.

The upgrade is not supposed to be a reinstall. Just an upgrade, allthough 
there might be some issues with configuration files etc.

> Backporting has been mentioned in Greg k-h's post and I think thats
> something we want to stay away from.  Ebuild maintainers may not have
> the programming skill necessary to backport fixes from one version of
> the software to another.  The upstream maintainers are the experts in
> that respect and thats where that decision should stay.  In my
> experience once the upstream maintainer stops maintaining a certain
> version of the software, migration to the new version is necessary
> anyway.

I don't think it is wise to make a black-and-white decision beforehand. Of 
course we need some general guideline though.

>
> The other downside to backporting is that it causes tonnes of false
> positives if you do any proactive network scanning.  Not a major
> really, but its one of my pet hates 8)

That's not really a fair issue. If it is an issue the version number could 
be ammended.

-- 
Paul de Vrieze
Gentoo Developer
Mail: pauldv@gentoo.org
Homepage: http://www.devrieze.net