Re: Firefox and Sarge
On Thu, Aug 26, 2004 at 12:55:35AM +0200, Josselin Mouette wrote:
> Le mercredi 25 août 2004 à 08:29 -0700, Matt Zimmerman a écrit :
> > On Wed, Aug 25, 2004 at 10:27:47AM +0200, Francesco P. Lovergine wrote:
> >
> > > Yes, but I cannot see any recent (within the last year and half) installation
> > > of woody where users did not install a recent version of mozilla, instead
> > > of the pre-1.0. So in some cases, secteam efforts are at least a waste of time.
> > > In those cases that time would be better used in packaging a well-done major
> > > upgrade. Users would be more satisfied, I think.
> >
> > That well-done major upgrade is in progress, and its name is "sarge". Fixes
> > for woody would be great, but despite a lot of discussion on the subject, no
> > one is putting real effort into it. This is a big project, and the security
> > team is already overloaded.
>
> There are already many developers involved in backports, so I don't see
> how this could be a problem of manpower. The only missing thing is an
> infrastructure to make these backports somehow approved by the security
> team, and autobuilt.
There is already such an infrastructure: stable-proposed-updates. The only
missing thing is a proper policy (Big Hogs Upgrades) for such kind of
beasts and a few criteria in creating good packages for that (i.e. changes
minimization). The key point is building major upgrades using only stable
infrastructure, not backporting from unstable. I hope the difference is
evident...
--
Francesco P. Lovergine
Reply to: