From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 846B2138247 for ; Thu, 16 Jan 2014 00:24:42 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D8C9FE0BEC; Thu, 16 Jan 2014 00:24:32 +0000 (UTC) Received: from michel.telenet-ops.be (michel.telenet-ops.be [195.130.137.88]) by pigeon.gentoo.org (Postfix) with ESMTP id C22F4E0A5E for ; Thu, 16 Jan 2014 00:24:31 +0000 (UTC) Received: from TOMWIJ-GENTOO ([94.226.55.127]) by michel.telenet-ops.be with bizsmtp id EQQX1n0042khLEN06QQXoq; Thu, 16 Jan 2014 01:24:31 +0100 Date: Thu, 16 Jan 2014 01:23:34 +0100 From: Tom Wijsman To: 1i5t5.duncan@cox.net Cc: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Re: rfc: revisiting our stabilization policy Message-ID: <20140116012334.143de474@TOMWIJ-GENTOO> In-Reply-To: References: <20140114213719.GA2684@laptop.home> <52D5B2CA.5030407@gentoo.org> <20140114223312.GA3337@laptop.home> <52D5BDAD.4030808@gentoo.org> <20140114231113.GA3393@laptop.home> <20140115012809.744114d1@TOMWIJ-GENTOO> X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.22; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/slcNQKj.JpeHG3PyGpd2cNG"; protocol="application/pgp-signature" X-Archives-Salt: fbc08136-dc72-493c-9d61-fede2b333ab2 X-Archives-Hash: a60315ad49a5a93c35701e3fa68383eb --Sig_/slcNQKj.JpeHG3PyGpd2cNG Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Wed, 15 Jan 2014 23:59:49 +0000 (UTC) Duncan <1i5t5.duncan@cox.net> wrote: > There was previous discussion of destable-keywording the kernel. How > has that gone? That was for vanilla-sources only, because that has restricted to only the latest upstream version; as that makes the version change almost weekly, the package can't undergo our stabilization procedure. =20 > I've always thought that having a stable policy exception that the > user actually has to deal with for certain packages, particularly > core packages such as the kernel, would be confusing at best. Yes, if this would ever happen to gentoo-sources; I'd think the handbook would then need to be updated to mention the necessary extra step, but I think it is not bound to happen any time soon. > Still, > given the upstream development pattern, I couldn't think of a > reasonable alternative for the kernel, and agreed with the thread > that it may have to be, for packages like that and perhaps > google-chrome and firefox, where upstream releases are too close to > 30-day and updates are very likely to be security-critical on > packages that are net-exposed. What we do now appears to work fine, critical security bugs cause fast track stabilization if needed; I've backported some security fixes in the past for less critical CVEs in the past, but the main problem here for keeping this up is the lack of manpower on the kernel team. > So it seemed it had to be, for them, and if that has gone well, > perhaps expanding that no-stable policy precedent to things like > editor plugins could work better than I might have imagined. I think it needs to put the accept keywords in a more prominent place if we're going to do this at a wider scale; currently it's in one of those sections that people often don't read due to focusing on continuing with there install instead, eg. they move to some DE guide. > The other question then becomes, since ~arch packages are normally > masked to stable, how are users exposed to them? They aren't unless they accept keywords for them; which can either be done globally using package.accept_keywords, or locally by listing the package atom in /etc/portage/package.accept_keywords > What about a file > somewhere in profiles that lists all these no-stable packages, such > that the PM can (perhaps optionally, I could imagine a setting in > make.conf...) list all ~arch versions of those packages on an > otherwise stable system as if they were stable, tho possibly marked > in some way to indicate that this package isn't a stable-keyword > candidate? If we drop stable versions on a wider scale, we could indeed make the ~arch versions more visible where they currently aren't; we don't want to give the impression that we are removing everything. --=20 With kind regards, Tom Wijsman (TomWij) Gentoo Developer E-mail address : TomWij@gentoo.org GPG Public Key : 6D34E57D GPG Fingerprint : C165 AF18 AB4C 400B C3D2 ABF0 95B2 1FCD 6D34 E57D --Sig_/slcNQKj.JpeHG3PyGpd2cNG Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJS1yaGAAoJEJWyH81tNOV9ZmsIAKWZsy/eq6sykLrxbAHINPsV FmfCFUv0E+8IowijaBrALrBXhTjoZytHpy7n7L7cXZLDBs+Qr64v3KFQ+J4XjSe1 fb1XYokTXyL+uuA+Bws+sixyII90QG0I8xug69fwkRHwmNobRQmQfR90L+uYYSbX 4Zkewur2y8dsiPWyPb1HK1isFLrbIJ7MxfXLYOQ3Uadem/Pb5o/04YvPUUOoD2Df LwO+mKAxTBBnkRKvetsFdbhMbH3vphy733blhCZLglwDaiI7eRc6cVsDyqiwsX/7 s/WSzTtRCb7jfMW5v4QKt5PRMTTzAMAeOm0ZXmE994rUGbsTkqnombD/t1b6E1U= =cSJi -----END PGP SIGNATURE----- --Sig_/slcNQKj.JpeHG3PyGpd2cNG--