Mailinglist Archive: opensuse (3337 mails)

< Previous Next >
Re: [opensuse] security update policy]
  • From: Marcus Meissner <meissner@xxxxxxx>
  • Date: Sun, 23 Apr 2006 10:44:57 +0200
  • Message-id: <20060423084457.GB30897@xxxxxxx>
On Sun, Apr 23, 2006 at 10:35:56AM +0200, jdd wrote:
> Marcus Meissner wrote:
>
> >> Will a Novell programmer make the necessary patches to 1.4?
> >> will SUSE (YOU) provide upgrade to 1.5 or 1.6... giving I'm
> >> stuck with the 1.6 upgrade :-)
> >
> > We currently do this, yes:
> > $ ls -l /work/SRC/old-versions/10.0/all/mediawiki
>
> > -rw-r--r-- 1 root root 1604 2005-12-07 14:47 mediawiki-1.4.7-php4.4.1.diff
>
> official last 1.4 version is 1.4.14

We backported all the security fixes...

Of course, version upgrades are possible and occasionaly done.

For MediaWiki in the 1.4.x series this might be possible, but not
upgrading to 1.5.x or 1.6.x since this would need manual intervention
by the admin.

> > 2 years of security updates, as with the dozen SUSE Linux releases
> > before.
>
> I don't question the security release, just the way they are
> done.
>
> at first glance it seems very expensive to fix programms
> that where not entended to be when the developper do this
> better (I beg) and free, just to stay with obsolete versions.
>
> I mean if the developper of the app XXxx gives two years
> security update, it seems enough to use them. if not, how
> can you be sure? does this mean you have a programmer for
> any and each package available on SUSE Linux? if yes is this
> one included in the main developper team or working alone?

Yeah. We sometimes consider whether we should add them to the
2 year supported distributions at all. In the case of MediaWiki we
might perhaps just better left it off.

We have package maintainers taking care of a number of packages
each, who are also assigned to fix / backport bugfixes and updates.

This gets even harder with our maintained distributions which
have life spans of 5 or even 7 years and where we cannot do
major version upgrades at all. ;)

Ciao, Marcus

< Previous Next >
References