On Mon, Jun 28, 2010 at 01:59:42AM +0530, Nirbheek Chauhan wrote:
>
> I'm saying that a 30 days rule is too strict for most packages and
> herds. I don't think such a rule will fly very far. Even a 90 day rule
> or a 6 month rule is too strict for GNOME packages. I personally
> empathize with the needs of users enough that I (and most of the gnome
> team) are willing to wait for arches that cannot handle stabilization
> bugs. We really don't want our users to have a bad experience because
> of *us*. We'll do whatever is in our power.
>

The '30 days' was just an example. Any reasonable timeframe could do.

> > Moreover, slow arches introduce another problem as well. If a package is
> > marked stabled for their arch, but this package is quite old, and they fail to
> > stabilize a new version, we ( as maintainers ) can't drop the very old
> > ( and obsolete ) version of this package because we somehow will break
> > the stable tree for these arches. How should we act in this case?
> > Keep the old version around forever just to say that "hey, they do have
> > a stable version for our exotic arch".
> >
>
> Now *this* is a problem. We have some bugs, some security bugs that
> have been completely ignored by some arches. Mips as usual is one, but
> recently hppa (and to a much lesser extent, ppc64) have become slow.
>
> To fix this, I suggest the following heuristic:
>
> * If an arch cannot stabilize *security bugs* after 3 months, the
> maintainers are free to drop the vulnerable version.

What if this version is the only one that is stabled for this arch? Can
you imagine the possible breakage that this action might cause?

The problem is exactly here. If a package has only one version stable
for an exotic arch, you cannot drop it because:

* you will break packages that depend on it
* you will make users angry

-- 
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org