
Re: libc6_2.0.7r-3 considered harmful

>> IMHO We need a policy on this sort of thing, so that in future when
>> a dangerous package version gets put on the ftp sites, we can back
>> out quickly to a less broken version.
>While I agree, the current management of the archives makes this quite
>difficult, as there isn't sufficient archive space to keep every old
>version of every package, which is the only way to be "absolutely" safe.

We would not need that much space.  I proposed to expire old packages
after a week or so.  That way, we need only 200 MB or so.  The
recovery would be:

      1) If the maintainer can upload a new fixed package immediately,
         then install that.

      2) Otherwise, if the previous package has not expired yet, then
         install that.

      3) Otherwise, damage the broken package, so nobody can install
         it.  Maybe something like this: 
                echo "placeholder for fixed package to be uploaded soon" > foopackage-1.2-3.deb

                               - Jim Van Zandt
