Mailinglist Archive: opensuse-buildservice (272 mails)

< Previous Next >
Re: [opensuse-buildservice] The disconnect
  • From: Lars Müller <lmuelle@xxxxxxx>
  • Date: Thu, 4 Nov 2010 12:52:37 +0100
  • Message-id: <20101104115237.GB9311@xxxxxxxxxxxxxxxx>
On Thu, Nov 04, 2010 at 10:49:40AM +0100, Ludwig Nussel wrote:
Lars Müller wrote:
I'm never going to work on a security update for exim. All I'm willing
to do is to keep the exim package in openSUSE on a current level. If
there is a security issue I would address it with the new version.

Which is perfectly ok for a package where upstream already is
careful to not break stuff. That doesn't work in general though.

Yes, that is exactly what I tried to express with my mail. Being more
verbose my statement sounds like:

It depends on the upstream project, the package complexity, how the
software is used in SUSE (less or more prominent), is it part of the
default install, where in the dependeny chain is it located (at ground
like glibc/ bash or up at the attic like Samba).

These are all factors we have to keep in mind. And that's something
primarily the particular project maintainers have to decide on.

Who secondarily? Those in charge of the maintenance process.

This requires communication and explanations.

Some of us are part of the openSUSE project since a year. Others are
using it since 15 years.

I'm stressing this to illustrate the different point of views or
motivations.

With exim this is possible. It's not the default MTA of SUSE and
therefore the risk to break 80% of installed and working systems is much
lower.

The question is whether users of exim are aware that they rely on a
"second-tier" package. OTOH there is no guarantee that packages that
are in the default install are treated with more care either.

We might need an additional attribute on package level our users might
rely on and libzypp (zypper + YaST) is able to handle. This would allow
users to only install packages which are covered by the prefered
individual quality policy.

Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
< Previous Next >