On 2023-09-02 11:15, Michal Suchánek wrote:
On Sat, Sep 02, 2023 at 10:49:51AM +0200, Richard Brown wrote:
Because, unlike Leap where maintenance for SLE packages is effectively 'automatic' (ie. taken care as part of the daily business of SLE), and unlike Tumbleweed where it's also effectively 'automatic' ('just throw a new version at it), Slowroll will likely require old-fashioned maintenance (CVE bumps, backports, narrow-fixes) for packages in Slowroll but not-yet-ready to be copied from Tumbleweed
It depends on the criteria for 'ready' and the distance between Slowroll and Tumbleweed.
If a new version of a library fixes a CVE and does not look problematic otherwise it can be just declared 'ready' - there is about as much risk of breakage from upgrading as there is from backporting a fix.
Then there are times when it's more problematic - upgrading to a new KDE version to fix a CVE is somewhat dodgy.
Yup, agreed. And that’s some work that will need to be done, assessing, deciding upon and coordinating such maintenance. And that work is more than was required for Leap. And considering Leap had one sole lonely Marcus, as awesome as he is, I don’t think he’d scale well in this new world of Slowroll, hence, we’d need more folk. -- Richard Brown Distributions Architect SUSE Software Solutions Germany GmbH, Frankenstraße 146, D-90461 Nuremberg, Germany (HRB 36809, AG Nürnberg) Managing Directors/Geschäftsführer: Ivo Totev, Andrew McDonald, Werner Knoblich