-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJRNj3qAAoJEFHb3FjMVZVz6TgP/RpvQTE/nQHKz8QZDLPFefe1
/gg5ZVqz1AuhJXcWcPlGnmViEdLGCA5xVIma/ddwjB6jGWBS27gmQIsXrokIGSIg
oO9M+T+hM9fDtU1MFqr0OXJsjB1yvzhqlXSkUsDLMDT3VT4/iUFxxb9I9wDR2nrZ
bqHv8qXEzlKcu85b8oLcfrcjNSwEIT2RJBvtv9wAxsKGkxp7vBjJldCAIvDNsyYn
ggHrVex0z5lGUt3xnxSoMDIJylFkW8Km31rORGTVqsxXsyj6s7wUxlBiKVWvUWgM
WHzvEvnFksvgtfz5OQGwsdoy19zZlmF54Cjv6Bz9NS4yJM1zee+y2H3Byepw17U6
VLGnA91IC1TofBz5i6MVKQDJ6v/n5lQP6NPB+MvuiaakZq36n3+iY3sQtaZOxT2M
pRoeOj9GagQuk3pDydbvS9X/shlVnLQ5jJD1UlavTILOAzTwD664jD9ViUR9oBHv
jvf0hbe7L0J+jpq2dvNIH4174aIVAoSDSW8Tdy8iiDRi2ldfTrahCEXXSsohhAao
Vbvt8usYLevDi9TYrNLleAG5mGrzt04bl/eMP3JxBq+Ud9LDKKCD7Qsm/DU+/phw
2TYwLv8G+hDeaIsE62v7rFKCGxjBq4UyY2V8TdYGwym69ZCFyeEoYX38cCPR289b
FGuw5xMNeFS0d9nxtwEm
=bzPu
-----END PGP SIGNATURE-----
On 03/05/2013 12:19 PM, Marc Deslauriers wrote:
> On 13-03-05 08:34 AM, Adam Conrad wrote:
> <snip>
>> 2) No out-of-band support at all, SRU or security. The only slight change
>> from how we do things now would be that security updates destined for
>> the development release would be built in the security PPA (which does
>> not build against -proposed), so they don't pick up new dependencies
>> and can then be copied to the archive and not accidentally get caught
>> up in library transition snags that hinder their migration to the
>> release pocket.
>
> I assume we would do this so the urgent security updates don't get stuck
> in -proposed for a longer than desired timeframe? The problem with doing
> this is it's going to be really hard for us to not collide with version
> numbers, and making sure that subsequent uploads still contain the
> security fix, etc. While it may be worthwhile for a world-burning issue,
> I don't see this as being reasonable for the majority of security
> updates for which we'll simply upload them as usual.
>
Isn't dropped patches always a problem, even now?
I was thinking we would push 'normal' security updates to the dev
release (ie, through -proposed and not in our PPA). These are the ones
that we wouldn't have pushed through -security in the previous proposal.
For high priority updates, we only build in our PPA unless it also
exists in -proposed, in which case, we build in both our PPA and
-proposed (and since we are preparing the updates, we control the
versions so that shouldn't be an issue). This isn't much different than
the previous proposal.
--
Jamie Strandboge http://www.ubuntu.com/
