* [gentoo-dev] Stabilize ebuilds which use EAPIs only supported by ~arch PMs @ 2008-10-14 0:03 Jose Luis Rivero 2008-10-14 0:38 ` Donnie Berkholz 2008-10-14 0:39 ` [gentoo-dev] " Christian Faulhammer 0 siblings, 2 replies; 10+ messages in thread From: Jose Luis Rivero @ 2008-10-14 0:03 UTC (permalink / raw To: gentoo-dev Hi all: Reading a random discussion in our dev mailling list, I came with a doubt about our new EAPI policy and its procedures. I couldn't find it documented nor discussed anywhere so I bringing it here. Supposing that anyone can currently add an ebuild using EAPI-2 under the testing branch: what are we going to do if an EAPI-2 ebuild (which are only managed by ~arch package managers) needs to go stable due to some kind of major reason like security? Hypothetical case: foo-1 (eapi-0) marked as stable and foo-2 (eapi-2) with new features marked as testing. A security problem appears affecting both. UPSTREAM release foo-3 to solve the security issue. There are some others sceneries but are not so common as the one presented could be. Any decent solution for this case? -- Jose Luis Rivero <yoswink@gentoo.org> Gentoo/Doc Gentoo/Alpha ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [gentoo-dev] Stabilize ebuilds which use EAPIs only supported by ~arch PMs 2008-10-14 0:03 [gentoo-dev] Stabilize ebuilds which use EAPIs only supported by ~arch PMs Jose Luis Rivero @ 2008-10-14 0:38 ` Donnie Berkholz 2008-10-14 8:59 ` Jose Luis Rivero 2008-10-14 0:39 ` [gentoo-dev] " Christian Faulhammer 1 sibling, 1 reply; 10+ messages in thread From: Donnie Berkholz @ 2008-10-14 0:38 UTC (permalink / raw To: gentoo-dev [-- Attachment #1: Type: text/plain, Size: 1315 bytes --] On 02:03 Tue 14 Oct , Jose Luis Rivero wrote: > Hi all: > > Reading a random discussion in our dev mailling list, I came with a > doubt about our new EAPI policy and its procedures. I couldn't find it > documented nor discussed anywhere so I bringing it here. > > Supposing that anyone can currently add an ebuild using EAPI-2 under the > testing branch: what are we going to do if an EAPI-2 ebuild (which are > only managed by ~arch package managers) needs to go stable due to some > kind of major reason like security? > > Hypothetical case: foo-1 (eapi-0) marked as stable and foo-2 (eapi-2) > with new features marked as testing. A security problem appears > affecting both. UPSTREAM release foo-3 to solve the security issue. > > There are some others sceneries but are not so common as the one presented > could be. Any decent solution for this case? There are only a few obvious ones, you'll have to pick which one you like best. Most of the other options basically duplicate these in some way or add more work to them for negligible gain: - Backport the ebuild from EAPI=2 to EAPI=0 - Backport the security patch to the EAPI=0 ebuild - Stabilize portage quickly -- Thanks, Donnie Donnie Berkholz Developer, Gentoo Linux Blog: http://dberkholz.wordpress.com [-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [gentoo-dev] Stabilize ebuilds which use EAPIs only supported by ~arch PMs 2008-10-14 0:38 ` Donnie Berkholz @ 2008-10-14 8:59 ` Jose Luis Rivero 2008-10-14 16:17 ` Marius Mauch 0 siblings, 1 reply; 10+ messages in thread From: Jose Luis Rivero @ 2008-10-14 8:59 UTC (permalink / raw To: gentoo-dev On Mon, Oct 13, 2008 at 05:38:34PM -0700, Donnie Berkholz wrote: > On 02:03 Tue 14 Oct , Jose Luis Rivero wrote: > > > > There are some others sceneries but are not so common as the one presented > > could be. Any decent solution for this case? > > There are only a few obvious ones, you'll have to pick which one you > like best. Most of the other options basically duplicate these in some > way or add more work to them for negligible gain: > > - Backport the ebuild from EAPI=2 to EAPI=0 EAPI-2 to EAPI-0 could imply lot of changes (not talking about what is going to happen when we release new and more feature rich EAPIs), and changes usually come with bugs. The ebuild is committed directly to stable implies bugs in stable, which for me is a no-go. > - Backport the security patch to the EAPI=0 ebuild Which sometimes is going to be impossible, require lot of work, and we fall into the risk of bad backported patches when non trivial backport patches are needed (which turns into buggy patches in the stable branch) > - Stabilize portage quickly Most of the times this is not going to be possible. Seems to me that EAPI changes are not trivial to PMs and need some kind of decent testing period. Thanks. -- Jose Luis Rivero <yoswink@gentoo.org> Gentoo/Doc Gentoo/Alpha ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [gentoo-dev] Stabilize ebuilds which use EAPIs only supported by ~arch PMs 2008-10-14 8:59 ` Jose Luis Rivero @ 2008-10-14 16:17 ` Marius Mauch 2008-10-14 22:34 ` Petteri Räty 2008-10-16 12:50 ` [gentoo-dev] " Jose Luis Rivero 0 siblings, 2 replies; 10+ messages in thread From: Marius Mauch @ 2008-10-14 16:17 UTC (permalink / raw To: gentoo-dev [-- Attachment #1: Type: text/plain, Size: 2548 bytes --] On Tue, 14 Oct 2008 10:59:39 +0200 Jose Luis Rivero <yoswink@gentoo.org> wrote: > On Mon, Oct 13, 2008 at 05:38:34PM -0700, Donnie Berkholz wrote: > > On 02:03 Tue 14 Oct , Jose Luis Rivero wrote: > > > > > > There are some others sceneries but are not so common as the one > > > presented could be. Any decent solution for this case? > > > > There are only a few obvious ones, you'll have to pick which one > > you like best. Most of the other options basically duplicate these > > in some way or add more work to them for negligible gain: > > > > - Backport the ebuild from EAPI=2 to EAPI=0 > > EAPI-2 to EAPI-0 could imply lot of changes (not talking about what is > going to happen when we release new and more feature rich EAPIs), and > changes usually come with bugs. The ebuild is committed directly to > stable implies bugs in stable, which for me is a no-go. Assuming the ebuild changes between foo-1 and foo-2 are mainly due to the change from EAPI=0 to EAPI=2 (which I'd expect to be true in many cases) you could just reuse the foo-1 ebuild for foo-3. If there are major differences between foo-1 and foo-2 not related to the EAPI change then the maintainer probably didn't want foo-2 to become stable anytime soon, so it's at least questionable if foo-3 should go straight to stable in the first place. And adding a new version directly to stable always comes with a risk, you can't eliminate that completely. It's all about risk assessment, and how much work you're willing to do or time you want to spend to minimize the risk. > > - Backport the security patch to the EAPI=0 ebuild > > Which sometimes is going to be impossible, require lot of work, and we > fall into the risk of bad backported patches when non trivial backport > patches are needed (which turns into buggy patches in the stable > branch) And sometimes it's a very viable option when patches are provided by upstream. In the end at least one of the above solutions should work in almost every case. It might sometimes cause a bit more work than a bump that doesn't involve any EAPI changes, but that's life. If you have a real case where both suggested solutions aren't realistic I'd like to hear about it, otherwise I think we're wasting time making up solutions for a non-existant problem Marius -- Public Key at http://www.genone.de/info/gpg-key.pub In the beginning, there was nothing. And God said, 'Let there be Light.' And there was still nothing, but you could see a bit better. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 197 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [gentoo-dev] Stabilize ebuilds which use EAPIs only supported by ~arch PMs 2008-10-14 16:17 ` Marius Mauch @ 2008-10-14 22:34 ` Petteri Räty 2008-10-15 1:24 ` Alec Warner 2008-10-16 12:50 ` [gentoo-dev] " Jose Luis Rivero 1 sibling, 1 reply; 10+ messages in thread From: Petteri Räty @ 2008-10-14 22:34 UTC (permalink / raw To: gentoo-dev [-- Attachment #1: Type: text/plain, Size: 1804 bytes --] Marius Mauch kirjoitti: > On Tue, 14 Oct 2008 10:59:39 +0200 > Jose Luis Rivero <yoswink@gentoo.org> wrote: > >> On Mon, Oct 13, 2008 at 05:38:34PM -0700, Donnie Berkholz wrote: >>> On 02:03 Tue 14 Oct , Jose Luis Rivero wrote: >>>> There are some others sceneries but are not so common as the one >>>> presented could be. Any decent solution for this case? >>> There are only a few obvious ones, you'll have to pick which one >>> you like best. Most of the other options basically duplicate these >>> in some way or add more work to them for negligible gain: >>> >>> - Backport the ebuild from EAPI=2 to EAPI=0 >> EAPI-2 to EAPI-0 could imply lot of changes (not talking about what is >> going to happen when we release new and more feature rich EAPIs), and >> changes usually come with bugs. The ebuild is committed directly to >> stable implies bugs in stable, which for me is a no-go. > > Assuming the ebuild changes between foo-1 and foo-2 are mainly due to > the change from EAPI=0 to EAPI=2 (which I'd expect to be true in many > cases) you could just reuse the foo-1 ebuild for foo-3. > > If there are major differences between foo-1 and foo-2 not related to > the EAPI change then the maintainer probably didn't want foo-2 to > become stable anytime soon, so it's at least questionable if foo-3 > should go straight to stable in the first place. > > And adding a new version directly to stable always comes with a risk, > you can't eliminate that completely. It's all about risk assessment, > and how much work you're willing to do or time you want to spend to > minimize the risk. > There's no need to commit straight to stable. Just make two different new revisions for each EAPI. Then the arch teams can test it like usual. Regards, Petteri [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 260 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [gentoo-dev] Stabilize ebuilds which use EAPIs only supported by ~arch PMs 2008-10-14 22:34 ` Petteri Räty @ 2008-10-15 1:24 ` Alec Warner 2008-10-15 10:30 ` Santiago M. Mola 2008-10-15 10:50 ` [gentoo-dev] " Steve Long 0 siblings, 2 replies; 10+ messages in thread From: Alec Warner @ 2008-10-15 1:24 UTC (permalink / raw To: gentoo-dev On Tue, Oct 14, 2008 at 3:34 PM, Petteri Räty <betelgeuse@gentoo.org> wrote: > Marius Mauch kirjoitti: >> On Tue, 14 Oct 2008 10:59:39 +0200 >> Jose Luis Rivero <yoswink@gentoo.org> wrote: >> >>> On Mon, Oct 13, 2008 at 05:38:34PM -0700, Donnie Berkholz wrote: >>>> On 02:03 Tue 14 Oct , Jose Luis Rivero wrote: >>>>> There are some others sceneries but are not so common as the one >>>>> presented could be. Any decent solution for this case? >>>> There are only a few obvious ones, you'll have to pick which one >>>> you like best. Most of the other options basically duplicate these >>>> in some way or add more work to them for negligible gain: >>>> >>>> - Backport the ebuild from EAPI=2 to EAPI=0 >>> EAPI-2 to EAPI-0 could imply lot of changes (not talking about what is >>> going to happen when we release new and more feature rich EAPIs), and >>> changes usually come with bugs. The ebuild is committed directly to >>> stable implies bugs in stable, which for me is a no-go. >> >> Assuming the ebuild changes between foo-1 and foo-2 are mainly due to >> the change from EAPI=0 to EAPI=2 (which I'd expect to be true in many >> cases) you could just reuse the foo-1 ebuild for foo-3. >> >> If there are major differences between foo-1 and foo-2 not related to >> the EAPI change then the maintainer probably didn't want foo-2 to >> become stable anytime soon, so it's at least questionable if foo-3 >> should go straight to stable in the first place. >> >> And adding a new version directly to stable always comes with a risk, >> you can't eliminate that completely. It's all about risk assessment, >> and how much work you're willing to do or time you want to spend to >> minimize the risk. >> > > There's no need to commit straight to stable. Just make two different > new revisions for each EAPI. Then the arch teams can test it like usual. Aha a perfect canidate use case for GLEP 55[1] that fends off 'why are there multiple versions of the same package' questions and complexities. [1] http://www.gentoo.org/proj/en/glep/glep-0055.html > > Regards, > Petteri > > ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [gentoo-dev] Stabilize ebuilds which use EAPIs only supported by ~arch PMs 2008-10-15 1:24 ` Alec Warner @ 2008-10-15 10:30 ` Santiago M. Mola 2008-10-15 10:50 ` [gentoo-dev] " Steve Long 1 sibling, 0 replies; 10+ messages in thread From: Santiago M. Mola @ 2008-10-15 10:30 UTC (permalink / raw To: gentoo-dev [-- Attachment #1: Type: text/plain, Size: 1148 bytes --] El mar, 14-10-2008 a las 18:24 -0700, Alec Warner escribió: > On Tue, Oct 14, 2008 at 3:34 PM, Petteri Räty <betelgeuse@gentoo.org> wrote: > >> > > > > There's no need to commit straight to stable. Just make two different > > new revisions for each EAPI. Then the arch teams can test it like usual. > > Aha a perfect canidate use case for GLEP 55[1] that fends off 'why are > there multiple versions of the same package' questions and > complexities. > If you're thinking about having two equal versions with different EAPIs, that's not allowed by GLEP 55: "Note that it is still not permitted to have more than one ebuild with equal category, package name, and version. Although it would have the advantage of allowing authors to provide backwards compatible ebuilds, it would introduce problems too. The first is the requirement to have strict EAPI ordering, the second is ensuring that all the ebuilds for a single category/package-version are equivalent, i.e. installing any of them has exactly the same effect on a given system." Regards, -- Santiago Moisés Mola Jabber: cooldwind@gmail.com | GPG: AAD203B5 [-- Attachment #2: Esta parte del mensaje está firmada digitalmente --] [-- Type: application/pgp-signature, Size: 197 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
* [gentoo-dev] Re: Stabilize ebuilds which use EAPIs only supported by ~arch PMs 2008-10-15 1:24 ` Alec Warner 2008-10-15 10:30 ` Santiago M. Mola @ 2008-10-15 10:50 ` Steve Long 1 sibling, 0 replies; 10+ messages in thread From: Steve Long @ 2008-10-15 10:50 UTC (permalink / raw To: gentoo-dev Alec Warner wrote: > Petteri Räty wrote: >> There's no need to commit straight to stable. Just make two different >> new revisions for each EAPI. Then the arch teams can test it like usual. > > Aha a perfect canidate use case for GLEP 55[1] that fends off 'why are > there multiple versions of the same package' questions and > complexities. > Hmm AFAICT there isn't any need to do put it in the filename, as the package manager will simply ignore an EAPI (which comes from the rsync'ed cache for the Gentoo tree) it doesn't know. Additionally all the manglers deal with EAPI 0-2 fine afaik. If it's solely about the different rev ids, I think it's a bit of a red herring; anyone confused could simply be told "this is a security fix" if they cared to ask (or look in the Changelog) and these aren't exactly going to be all over the tree. Could be masked "for arch-testing [security fix]" and then the relevant fixed older version put into the tree, as now. Personally I'd rather remove the restriction and allow ebuilds to work with more than one EAPI, as explicitly declared, instead of having to write two revisions. One could then also inherit from a security eclass to make it clear to anyone reading the ebuild what was happening (which would also work for two different revs with variant EAPIs ofc.) Whatever, I don't think this use-case is anywhere near enough to justify the massive intrusion that GLEP55 is. The versioning thing brought up before is best done via debian-style epochs, if anyone really wants to fix that. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [gentoo-dev] Stabilize ebuilds which use EAPIs only supported by ~arch PMs 2008-10-14 16:17 ` Marius Mauch 2008-10-14 22:34 ` Petteri Räty @ 2008-10-16 12:50 ` Jose Luis Rivero 1 sibling, 0 replies; 10+ messages in thread From: Jose Luis Rivero @ 2008-10-16 12:50 UTC (permalink / raw To: gentoo-dev On Tue, Oct 14, 2008 at 06:17:12PM +0200, Marius Mauch wrote: > On Tue, 14 Oct 2008 10:59:39 +0200 > Jose Luis Rivero <yoswink@gentoo.org> wrote: > > > > EAPI-2 to EAPI-0 could imply lot of changes (not talking about what is > > going to happen when we release new and more feature rich EAPIs), and > > changes usually come with bugs. The ebuild is committed directly to > > stable implies bugs in stable, which for me is a no-go. > > Assuming the ebuild changes between foo-1 and foo-2 are mainly due to > the change from EAPI=0 to EAPI=2 (which I'd expect to be true in many > cases) you could just reuse the foo-1 ebuild for foo-3. > > If there are major differences between foo-1 and foo-2 not related to > the EAPI change then the maintainer probably didn't want foo-2 to > become stable anytime soon, so it's at least questionable if foo-3 > should go straight to stable in the first place. I was talking about this case, were foo-2 is in testing and is not ready for stable. It's not questionable to go directly to stable if security is involved in the process. > And adding a new version directly to stable always comes with a risk, > you can't eliminate that completely. It's all about risk assessment, > and how much work you're willing to do or time you want to spend to > minimize the risk. Agree. The question bringing here is: how can we minimize the risk if this situation appear, where we have an EAPI change between ebuilds in stable and testing branch and EAPI in testing can only be managed by testing PMs. > In the end at least one of the above solutions should work in > almost every case. It might sometimes cause a bit more work than a bump > that doesn't involve any EAPI changes, but that's life. Well, when I think about having to revert eapi changes or having to make own backports and apply these solutions directly to stable because we are using some features not supported by stable PMs, I have doubts if it wouldn't be better to avoid these situations and wait for the PMs to be stable. > If you have a real case where both suggested solutions aren't > realistic I'd like to hear about it, otherwise I think we're wasting > time making up solutions for a non-existant problem It's not about realistic, just about how risky the solutions could be to be in our stable branch. Perhaps I'm being very pessimistic. Leave the question here and we will see what happen in the future. We'll back to this if needed. Thanks. -- Jose Luis Rivero <yoswink@gentoo.org> Gentoo/Doc Gentoo/Alpha ^ permalink raw reply [flat|nested] 10+ messages in thread
* [gentoo-dev] Re: Stabilize ebuilds which use EAPIs only supported by ~arch PMs 2008-10-14 0:03 [gentoo-dev] Stabilize ebuilds which use EAPIs only supported by ~arch PMs Jose Luis Rivero 2008-10-14 0:38 ` Donnie Berkholz @ 2008-10-14 0:39 ` Christian Faulhammer 1 sibling, 0 replies; 10+ messages in thread From: Christian Faulhammer @ 2008-10-14 0:39 UTC (permalink / raw To: gentoo-dev [-- Attachment #1: Type: text/plain, Size: 567 bytes --] Hi, Jose Luis Rivero <yoswink@gentoo.org>: > Hypothetical case: foo-1 (eapi-0) marked as stable and foo-2 (eapi-2) > with new features marked as testing. A security problem appears > affecting both. UPSTREAM release foo-3 to solve the security issue. Backport the fix or create an EAPI=0 ebuild, as the package manager will mask EAPIs it cannot understand, so you cannot emerge it anyway. V-Li -- Christian Faulhammer, Gentoo Lisp project <URL:http://www.gentoo.org/proj/en/lisp/>, #gentoo-lisp on FreeNode <URL:http://www.faulhammer.org/> [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 197 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2008-10-16 12:50 UTC | newest] Thread overview: 10+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2008-10-14 0:03 [gentoo-dev] Stabilize ebuilds which use EAPIs only supported by ~arch PMs Jose Luis Rivero 2008-10-14 0:38 ` Donnie Berkholz 2008-10-14 8:59 ` Jose Luis Rivero 2008-10-14 16:17 ` Marius Mauch 2008-10-14 22:34 ` Petteri Räty 2008-10-15 1:24 ` Alec Warner 2008-10-15 10:30 ` Santiago M. Mola 2008-10-15 10:50 ` [gentoo-dev] " Steve Long 2008-10-16 12:50 ` [gentoo-dev] " Jose Luis Rivero 2008-10-14 0:39 ` [gentoo-dev] " Christian Faulhammer
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox