Re: [gentoo-dev] avoiding urgent stabilizations

On 26/02/2011 15:57, Enrico Weigelt wrote: * Ed W schrieb: I'm just building some embedded devices on the side using gentoo and my minimal builds are only a few MB? How to do you get out all the buildtime stuff (portage, toolchain, etc) ? Seems like your complaint is that you have gentoo in

Re: [gentoo-dev] avoiding urgent stabilizations

* Ed W schrieb: > I'm just building some embedded devices on the side using > gentoo and my minimal builds are only a few MB? How to do you get out all the buildtime stuff (portage, toolchain, etc) ? > Seems like your complaint is that you have gentoo installs which are > full featured with a

Re: [gentoo-dev] avoiding urgent stabilizations

Hi But, for me, even a trimmed-down Gentoo is still too large (has to contain the whole base packages, from portage to toolchain, includes, etc). I'd prefer having only the essential runtime stuff within the containers. I'm just building some embedded devices on the side using gentoo and my m

Re: [gentoo-dev] avoiding urgent stabilizations

* Ed W schrieb: > I maintain a, likely much smaller, number of VMs using linux vservers. > The approach here is to almost cut each machine down to a chroot that > runs only one (or thereabouts) interesting service. I'm working in a similar way: my dedicated boxes are VM hosts (currently ovz,

Re: [gentoo-dev] avoiding urgent stabilizations

Hi I'm starting to put together a portage/stable server configuration for a large number of gentoo VM's that will eventually be hosted on a VMware ESX 4.1U1 cluster - with the goal of limiting major changes to once/year and otherwise only applying security/minimum necessary updates. I doubt it

Re: [gentoo-dev] avoiding urgent stabilizations

All, > Perhaps this is an argument for a git based portage tree? Master can > stay as the current status quo and anyone who wants to can maintain a > branch or fork which points to a slightly different subset of the tree? > I'm starting to put together a portage/stable server configuration for

Re: [gentoo-dev] avoiding urgent stabilizations

On 21/02/2011 00:11, Enrico Weigelt wrote: * Markos Chandras schrieb: My suggestion, as I said to fosdem, is to freeze, or take a snapshot if you like, of the current tree, stabilize what you need to stabilize, test the whole tree ( at least compile wise ) for a couple of weeks and then replac

Re: [gentoo-dev] avoiding urgent stabilizations

* "Pawe?? Hajdan, Jr." schrieb: > By the way, to turn this thread into some action: what testing do we > currently perform for auto-generated stages? It'd be cool to at least > compile-test that the stage can "emerge -e world" itself, and emerge > some common packages (with FEATURES="test" so tha

Re: [gentoo-dev] avoiding urgent stabilizations

* Fabian Groffen schrieb: > Hmmm, odd. I experience amd64 (stable) as being pretty stable on my > servers. Last breakage which really got me upset was php, but that's > already some time ago. the ini file issue ? > With Gentoo you should update on fairly regular intervals, and have the > time

Re: [gentoo-dev] avoiding urgent stabilizations

* Markos Chandras schrieb: > My suggestion, as I said to fosdem, is to freeze, or take a > snapshot if you like, of the current tree, stabilize what you > need to stabilize, test the whole tree ( at least compile wise ) > for a couple of weeks and then replace the existing stable tree. hmm, wou

Re: [gentoo-dev] avoiding urgent stabilizations

On Wed, Feb 09, 2011 at 10:26:19AM -0500, Rich Freeman wrote: > I have heard similar complaints about GLSAmaker. I half-wonder if it > would make more sense to just edit the xml files directly and validate > them with a tool, and send out an email, if the tool really is that > bad. a3li has been w

Re: [gentoo-dev] avoiding urgent stabilizations

On 10:26 Wed 09 Feb , Rich Freeman wrote: > I have heard similar complaints about GLSAmaker. I half-wonder if it > would make more sense to just edit the xml files directly and validate > them with a tool, and send out an email, if the tool really is that > bad. If this is really the probl

Re: [gentoo-dev] avoiding urgent stabilizations

On Wed, Feb 9, 2011 at 9:08 AM, "Paweł Hajdan, Jr." wrote: > I think http://www.gentoo.org/security/en/vulnerability-policy.xml > specifies the target delay, and also mentions temporary GLSAs. > Unfortunately, that process does not seem to be followed due to general > difficulty of drafting GLSAs

Re: [gentoo-dev] avoiding urgent stabilizations

On 2/9/11 2:57 PM, Rich Freeman wrote: > Perhaps we should target having glsas published within a certain > amount of time after a vulnerability is disclosed, whether corrected > or not. We could re-publish a final notice once all is well. We > really shouldn't consider users safe from a security

Re: [gentoo-dev] avoiding urgent stabilizations

On Tue, Feb 8, 2011 at 12:57 PM, Fabian Groffen wrote: > On 08-02-2011 18:46:32 +0100, Andreas K. Huettel wrote: >> > Other than monitoring bugzilla, how does a Gentoo user even know that they >> > have a package pending a security update?  It seems like glsa's lag >> > stabilization by a consider

Re: [gentoo-dev] avoiding urgent stabilizations

On 12:37 Tue 08 Feb , Rich Freeman wrote: > On Feb 8, 2011 11:44 AM, "Donnie Berkholz" wrote: > > (With exceptions for security issues.) > > Other than monitoring bugzilla, how does a Gentoo user even know that > they have a package pending a security update? It seems like glsa's > lag sta

Re: [gentoo-dev] avoiding urgent stabilizations

On Tuesday 08 February 2011 18:57:20 Fabian Groffen wrote: > On 08-02-2011 18:46:32 +0100, Andreas K. Huettel wrote: > > > Other than monitoring bugzilla, how does a Gentoo user even know that they > > > have a package pending a security update? It seems like glsa's lag > > > stabilization by a co

Re: [gentoo-dev] avoiding urgent stabilizations

On 08-02-2011 18:46:32 +0100, Andreas K. Huettel wrote: > > Other than monitoring bugzilla, how does a Gentoo user even know that they > > have a package pending a security update? It seems like glsa's lag > > stabilization by a considerable timeframe. > > Yep. GLSA is something that seems to hap

Re: [gentoo-dev] avoiding urgent stabilizations

> Other than monitoring bugzilla, how does a Gentoo user even know that they > have a package pending a security update? It seems like glsa's lag > stabilization by a considerable timeframe. Yep. GLSA is something that seems to happen roughly one year after no affected package is in tree anymore

Re: [gentoo-dev] avoiding urgent stabilizations

On Feb 8, 2011 11:44 AM, "Donnie Berkholz" wrote: > > (With exceptions for security issues.) Other than monitoring bugzilla, how does a Gentoo user even know that they have a package pending a security update? It seems like glsa's lag stabilization by a considerable timeframe. I get the impress

Re: [gentoo-dev] avoiding urgent stabilizations

On 13:22 Tue 08 Feb , Fabian Groffen wrote: > With Gentoo you should update on fairly regular intervals, and have > the time inbetween as short as possible, but 2 or 3 weeks appears to > be fine. I myself have a cronjob that syncs every night, and mails me > the output of emerge -Dupv world

Re: [gentoo-dev] avoiding urgent stabilizations

On Tue, Feb 8, 2011 at 7:03 AM, Markos Chandras wrote: > I see what you are saying. However, the 6 months testing is far from > what I have in mind. I could see there being room for something in-between, but I share the concerns of others that rolling releases are part of what makes Gentoo, well,

Re: [gentoo-dev] avoiding urgent stabilizations

Markos, A few thoughts inlined. On 2011.02.08 12:03, Markos Chandras wrote: My main point was that as you move from an old dated set of packages to newer packages which by definition are less well tested, stability decreases. Users pick somewhere between the two extremes that they are happy

Re: [gentoo-dev] avoiding urgent stabilizations

tl;dr - can we add more automated tests to auto-generated stages? On 2/8/11 1:22 PM, Fabian Groffen wrote: > Hmmm, odd. I experience amd64 (stable) as being pretty stable on my > servers. Last breakage which really got me upset was php, but > that's already some time ago. Makes sense. Most of

Re: [gentoo-dev] avoiding urgent stabilizations

On 08-02-2011 12:03:48 +, Markos Chandras wrote: > I see what you are saying. However, the 6 months testing is far from > what I have in mind. My only intention is to bring a more stable > experience to our users. Or, stop claiming that our stable tree rocks > and Gentoo is perfect for servers

Re: [gentoo-dev] avoiding urgent stabilizations

On Tue, Feb 08, 2011 at 11:43:33AM +, Roy Bamford wrote: > On 2011.02.07 20:50, Markos Chandras wrote: > [snip] > > > My suggestion, as I said to fosdem, is to freeze, or take a > > snapshot if you like, of the current tree, stabilize what you need to > > stabilize, test the whole tree ( at le

Re: [gentoo-dev] avoiding urgent stabilizations

On 2011.02.07 20:50, Markos Chandras wrote: [snip] > My suggestion, as I said to fosdem, is to freeze, or take a > snapshot if you like, of the current tree, stabilize what you need to > stabilize, test the whole tree ( at least compile wise ) for a couple > of weeks and then replace the existing

Re: [gentoo-dev] avoiding urgent stabilizations

On 2/8/11 9:24 AM, Markos Chandras wrote: > On Mon, Feb 07, 2011 at 10:02:36PM +0100, "Paweł Hajdan, Jr." wrote: >> There are machines available for various arches at >> . I have >> at least a few chromium-related chroots on miranda, an

Re: [gentoo-dev] avoiding urgent stabilizations

On Mon, Feb 07, 2011 at 10:02:36PM +0100, "Paweł Hajdan, Jr." wrote: > On 2/7/11 9:50 PM, Markos Chandras wrote: > > My suggestion, as I said to fosdem, is to freeze, or take a > > snapshot if you like, of the current tree, stabilize what you need to > > stabilize, test the whole tree ( at least co

Re: [gentoo-dev] avoiding urgent stabilizations

On 2/7/11 9:50 PM, Markos Chandras wrote: > My suggestion, as I said to fosdem, is to freeze, or take a > snapshot if you like, of the current tree, stabilize what you need to > stabilize, test the whole tree ( at least compile wise ) for a couple of > weeks and then replace the existing stable tre

Re: [gentoo-dev] avoiding urgent stabilizations

On Mon, Feb 07, 2011 at 06:45:10PM +0100, Andreas K. Huettel wrote: > > We've been discussing this @FOSDEM too. My suggestion was that any bug that > visibly hurts stable users should always be considered at least MAJOR in > bugzilla. > > To expand on this a bit more > * a stable update that m

Re: [gentoo-dev] avoiding urgent stabilizations

We've been discussing this @FOSDEM too. My suggestion was that any bug that visibly hurts stable users should always be considered at least MAJOR in bugzilla. To expand on this a bit more * a stable update that makes the computer nonfunctional is definitely BLOCKER (and should be reverted in

Re: [gentoo-dev] avoiding urgent stabilizations

El lun, 07-02-2011 a las 18:43 +0200, Samuli Suominen escribió: > On 02/07/2011 06:19 PM, "Paweł Hajdan, Jr." wrote: > > From time to time there are stabilization bugs where the current stable > > is broken. For example, https://bugs.gentoo.org/show_bug.cgi?id=353487 > > > > However, in theory tha

Re: [gentoo-dev] avoiding urgent stabilizations

On 02/07/2011 06:19 PM, "Paweł Hajdan, Jr." wrote: > From time to time there are stabilization bugs where the current stable > is broken. For example, https://bugs.gentoo.org/show_bug.cgi?id=353487 > > However, in theory that should not happen, because presumably the > current stable has been test

[gentoo-dev] avoiding urgent stabilizations

From time to time there are stabilization bugs where the current stable is broken. For example, https://bugs.gentoo.org/show_bug.cgi?id=353487 However, in theory that should not happen, because presumably the current stable has been tested in the past and considered not broken. Of course that wou