Legacy in Build Roots
Christian Iseli
Christian.Iseli at licr.org
Fri Aug 4 22:50:11 UTC 2006
On Sun, 2 Jul 2006 12:46:44 +0200, Michael Schwendt wrote:
> Any FE packager, who still wants to support all his FE packages, now must
> track Legacy and test current and future packages appropriately as legacy
> upgrades may break things at run-time and/or build-time. Unless Legacy
> Updates remain in a separate repository and are not merged with FC
> Updates. In that case, FE packagers would face two targets, however.
>
> Conclusively, we would need a policy that Fedora Legacy becomes mandatory
> for old FE branches, which are in maintenance state. When the FE buildsys
> enables Legacy packages, it must be mandatory that the packagers track
> Legacy Updates and test their packages appropriately.
>
> With regard to
> https://www.redhat.com/archives/fedora-extras-list/2006-April/msg01650.html
> there doesn't seem to be any signs of the security team in the Wiki yet.
> Who is on the security team and will take over maintenance of old FE
> branches? I'd like FE packagers to be able to drop their old FE packages
> and re-assign incoming bug reports to those, who will keep them current
> with Legacy.
>
> Previously, the Fedora Legacy team has not shown any interest in doing or
> participating in legacy updates for FE. But now that the FE buildsys would
> include their packages, they would have a direct influence on old FE
> branches both at build-time and run-time. Unlike before, the Fedora Legacy
> maintainers need to take extra precautions that they don't break FE
> because they look only at FC. It is vital that there is a clear
> announcement about who will take care of any induced breakage in FE
> (including broken upgrade paths due to inappropriate EVR, and upgrades
> requiring a chain of upgrades in FE).
Enabling legacy packages in the buildroot was discussed at the last
FESCo meeting. There was some disagreement, but I think the general
feeling went along the following lines:
a. the FL team takes over maintainership of FC when the FC team EOLs
it. Given that FL is a component of the Fedora project, I see no
reason not to trust them and their better judgement to maintain those
packages
b. FL is mainly about security fixes
c. there is no such thing as Extras Legacy, and likely won't be in the
foreseeable future
d. the impression is that most users keeping old Fedora releases
running subscribe to FL
Taking a-d into account, I see a reasonable case to take
advantage of FL security fixes for those maintainers still interested
in maintaining packages for old FE releases. It's far from perfect,
but I think it's better than not using FL.
The main problems I see:
- users need to subscribe to FL. IMHO, the proper solution is to add
FL packages to the FC updates like would seem natural. But that's not
FESCo's call. FAB maybe ?
- some FE maintainers don't want to maintain old releases. IMHO,
co-maintainership should help in that case. Or maybe the security SIG,
but they probably have enough on their plate already.
Cheers,
Christian
More information about the Fedora-maintainers
mailing list