On Sat, Sep 02, 2023 at 10:49:51AM +0200, Richard Brown wrote:
On Sat, 2023-09-02 at 10:43 +0200, Michal Suchánek wrote:
Hello,
why do you think that Slowroll would require more packaging effort than Leap?
Just as Leap derives from SLE, Slowroll derives from Tumbleweed.
I could even argue that Slowroll would require less effort when all packages come from Tumbleweed while Leap is built on top of SLE and has a large number of packages of its own.
Because, unlike Leap where maintenance for SLE packages is effectively 'automatic' (ie. taken care as part of the daily business of SLE), and unlike Tumbleweed where it's also effectively 'automatic' ('just throw a new version at it), Slowroll will likely require old-fashioned maintenance (CVE bumps, backports, narrow-fixes) for packages in Slowroll but not-yet-ready to be copied from Tumbleweed
It depends on the criteria for 'ready' and the distance between Slowroll and Tumbleweed. If a new version of a library fixes a CVE and does not look problematic otherwise it can be just declared 'ready' - there is about as much risk of breakage from upgrading as there is from backporting a fix. Then there are times when it's more problematic - upgrading to a new KDE version to fix a CVE is somewhat dodgy. Thanks Michal