Mailinglist Archive: opensuse-buildservice (349 mails)

Re: [opensuse-buildservice] Fedora-Updates
  • From: Adrian Schröter <adrian@xxxxxxx>
  • Date: Sun, 4 Nov 2007 19:03:20 +0100
  • Message-id: <200711041903.20419.adrian@xxxxxxx>
On Sunday 04 November 2007 18:27:15 Martin Jürgens wrote:
> Hi!
>
> As you might know, new versions of packages are being shipped in Fedora's
> updates repository, fedora-updates.
>
> An example of this is qt4. Version 4.2 is shipped with the distribution,
> but fedora-updates provides version 4.3.2.
>
> So I tried to build a package in the buildservice which requires Qt 4.3.
> But it does not build, so I guess that the Fedora 7 distribution does not
> include updates, which may be a security risk.
>
> Just imagine a library is being fixed, but all applications in the Build
> Service are compiled against the old library which has a security flaw
> in it.

Only in very, very rare cases is this a problem, since you can still run it
against a newer lib, and the security leak usually only happens at runtime,
but not at compile time.

> Are there plans to change this?

We build against the original lib (not only for Fedora, also SUSE and others),
since this guarantees that your package works against the original one _AND_
the update qt package (since it needs to be forward compatible).

For openSUSE we also have the openSUSE:X.Y:Update projects to build against,
but usually you should avoid them, because of the reason I mentioned.

(The only exceptions are the new kernel ABI for 10.1 and the changed libzypp
interface in 10.1.) All other packages should work fine when built against the
original interfaces.


--

Adrian Schroeter
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
email: adrian@xxxxxxx
