Re: libc6_2.0.7r-3 considered harmful
>> IMHO We need a policy on this sort of thing, so that in future when
>> a dangerous package version gets put on the ftp sites, we can back
>> out quickly to a less broken version.
>
>While I agree, the current management of the archives makes this quite
>difficult, as there isn't sufficient archive space to keep every old
>version of every package, which is the only way to be "absolutely" safe.

We would not need that much space. I proposed to expire old packages
after a week or so. That way, we need only 200 MB or so. The
recovery would be:

1) If the maintainer can upload a new fixed package immediately,
   then install that.
2) Otherwise, if the previous package has not expired yet, then
   install that.
3) Otherwise, damage the broken package, so nobody can install
   it. Maybe something like this:

    echo "placeholder for fixed package to be uploaded soon" > foopackage-1.2-3.deb

- Jim Van Zandt