On Wed, Nov 03, 2010 at 12:44:04AM +0100, Stephan Kleine wrote: [ 8< ]
That leaves out the main issue. The stuff in Contrib is version frozen and therefore any security fixes need to be backported and the packages in there need to be maintained.
I believe - and with Samba we've proofen - this "version frozen" policy as inadequate. All depends from the dependencies. For example a kernel and glibc version change more likely will break working setups. While a version upgrade to Samba worked well for several openSUSE and SUSE Linux Enterprise products. As an official update and not only as we offer packages from the network:samba:STABLE and TESTING repositories of the openSUSE Build Service. For some components of the system we need something like rolling updates. Or is any of you still happily and satisfied using the initial Firefox as offered for SUSE Linux Enterprise 10 or openSUSE 11.2? There is nothing like one simple policy. Reality is sucking complex. ;)
Who will do that? If the original submitter is willing to do that he prolly will already submit it to Contrib so I don't see how that will change besides collecting more unmaintained packages in Contrib which isn't really what we should want.
Take the exim example. As I'm using it I'm quite happy to help and complained as soon as it should get dropped. I'm never going to work on a security update for exim. All I'm willing to do is to keep the exim package in openSUSE on a current level. If there is a security issue I would address it with the new version. With exim this is possible. It's not the default MTA of SUSE and therefore the risk to break 80% of installed and working systems is much lower. But if there is anyone willing to contribute time, I'm also happy to change the current very simple approach. As long as it doesn't cause extra work to me. Have I said there is no simple policy? ;)) Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany