Samuel Verschelde a écrit :
Le mardi 26 juillet 2011 07:56:36, blind Pete a écrit :
on Tue, 26 Jul 2011 08:34
in the Usenet newsgroup gmane.linux.mageia.devel
Samuel Verschelde wrote:
[snip]
*** Old backports ***
Remove old backports when newer ones are submitted
- otherwise we let people use old bugged or plagged with security issues
packages, when they don't necessarily know that there are problems with
them - simpler choice : users have to choose between the version in
updates and the one in backports, not more
- less space on mirrors (fear wesnoth and vegastrike multiple backports
!)
Thank you for reading.
Best regards,
Samuel Verschelde
It is theoretically possible that there could be multiple versions with
bug fixes and feature enhancements with no known security problems in any
of them. FireFox appears to be almost going down that path. I think
that FF 5 is just FF 4.0.3 with a silly name - please correct me if I am
wrong - and 5 should obsolete 4. But I can imagine several versions
existing during the life of a LTS release.
The deletion criteria should be, "there is a vulnerability that that is
not going to be fixed". That is usually, but not always the same as,
"there is a new version".
Are you going to check every existing backport for vulnerabilities so that we
can choose which versions to delete ? If not, I don't think this is realistic
to support 5 versions of the same package at the same time. Let's go with the
simpler approach.
I can see the point of not keeping multiple packports of larger packages such
as ff.
And the point of keeping things simpler.
However, often a newer version of a package drops/changes features of older
versions, so it really does makes sense to keep the older version available,
for fallback. This often applies to very small optional modules of some
application.
(On my system there is at least one very old optional module for a package that
I keep for that reason.)
So my suggestion : for smaller packages, say not more than about 1 M or 5 M,
(where size doesn't present a problem), we keep multiple backports as long as
there are no known security issues.
Best regards
Samuel Verschelde
--
André