On 11.9.2015 at 15:47, Reindl Harald wrote:

On 11.09.2015 at 15:43, Zdenek Kabelac wrote:
On 11.9.2015 at 15:39, Reindl Harald wrote:

On 11.09.2015 at 15:27, Zdenek Kabelac wrote:
On 11.9.2015 at 15:22, Eric Griffith wrote:

On Sep 11, 2015 9:03 AM, "Zdenek Kabelac" <zkabe...@redhat.com
<mailto:zkabe...@redhat.com>> wrote:
 >
 > On 11.9.2015 at 14:46, Germano Massullo wrote:
 >
 > Fault #1
 > (I've already complained that usage of rawhide & rpmfusion is getting silly)
 >
 >
How is the usage getting silly? *genuinely confused* I'd love for Fedora to
have everything in the repos (A la Arch) but for legal and philosophical
reasons it's not possible.

My complaint here is about packaging libraries.
And just because a library has been upgraded from version .so.2 to
version .so.4 and you can't have both (as the new one replaces old one
by Fedora policy) - you cannot normally use rpmfusion.

the whole point of a *shared library* is to have single versions of libraries
and not 10 versions you need to seek if they are affected from whatever
security relevant bug, in many cases it will be impossible to answer that
question

and no, backporting of fixes is not the solution, ignoring manpower here, how
often do you think developers are fixing some bug and even not realize it was
security relevant and so no CVE is assigned

not long ago glibc was affected by such a case

The best part is - the library itself is mostly useless - but because of
packaging policy - if you want to use rpmfusion - you have to basically build
lib-compat-like (Fedora way) libraries yourself - that's what I call silly....

no, rpmfusion just needs to cope with rawhide changes and rebuild as Fedora does


We are not solving here 'ideal' world where every one has tons of free
time and could rebuild everything all day&night.

don't tell me rpmfusion could not easily make that fully automated

This Fedora plan simply puts too much work at everyone's hands.

Sure - people who care about safety might have some option - like I
always want to have ONLY the latest lib - and drop everything else, but
there are still a lot of users who could live with older libs quite
happily (and especially in the case they do not use the library in
question AT ALL - which is the main point here)

you said "every one has tons of free time" - well - and who would maintain the
dozen of versions of libraries packages?

You miss a few important points:

1.)
If you have lib.so.2 and lib.so.4 - it may need far more work than
just running rpmbuild - so far away from 'fully automated'.

2.)
What maintaining time are we talking about - since Fedora breaks working things in the first place for no good reason and forces massive maintenance time on every user of new library in 'short' time for some potential 'security' fixes - but you may on the other hand put in dozens of new security breaks anyway - and when I see how frequently i.e. gtk libs may break whole distro - it would be far more pleasant to see just a couple of broken apps at a time - instead of rendering whole rawhide unusable....

Zdenek

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
