On Tue, Apr 11, 2006 at 07:33:15PM +0100, Alex Smith <[EMAIL PROTECTED]> wrote:
> Sounds OK to me. So this allows us to do {security,bug} fixes to -stable and
> do one of the mainly requested things from stable users and do security
> fixes there? :-)i would say the infrastructure is mostly ready for testing. the security support is a more complex question, but without a good infrastructure it isn't possible at all. at the moment fdb2db, rf, syncd needs to be improved for -stable, the new version of pacman and pacman-tools (the later fixes only some warnings) is not yet released so it allows us, but i would not say start heavily using it, first it needs to be discussed. maybe start sec support from 0.5? the main questions: 1) who? only one people is not enough for this imho, but only a few devels (2-3 or 3-4) should do it, else the development will not be active enough 2) how? maybe voroskoi can tell us how he report those [SEC] bugs to the bts 3) when? maybe if everything is discussed then we could start a "testing" (to ensure that everything works well) support from pre2 or rc1 4) if we really start then more infrastructure: mailing lists, an common form to post advistories, etc to be clear, i help anybody with infrastructure development, but myself i really hate reading such sec mailing lists, and probably i'm not alone. that's why we would need a few people who can do this. if the infrastructure is ok, then after creating a patch (you should decide to do a version bump or extract the patch from the cvs, etc) it should not take more time than a normal version bump (regarding that a secfix provided by upstream needs less testing than a version bump imho) udv / greetings, VMiklos -- Developer of Frugalware Linux, to make things frugal - http://frugalware.org _______________________________________________ Frugalware-devel mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-devel
