Hi, i m looking for a complete package review process. I have only found
Le 22 juin 2011 18:27, "Les Mikesell" <firstname.lastname@example.org> a écrit*:> On 6/22/2011 4:17 AM, Ljubomir Ljubojevic wrote:
>>> I'd expect it to be common for the kernels and probably glibc's included with a
>>> point release or soon thereafter to include security fixes. If you push those,
>>> you have the biggest risk of affecting everything else - so what's the point of
>>> isolating the rest?
>> All I can see is you pushing extreme case scenario on something that is
>> good will of the devs to lower aggravation of people waiting for point
>> release to be completed, with agenda to push for 2-days delay between
>> upstream and CentOS point releases, knowing it can not physically
>> happen. It's like watching my 2-years old nephew screaming for his
>> bottle of milk even tho he can see his mother pouring it just in front
>> of him.
>> The packages that **can** be released faster *will* be released faster,
>> those that could brake things will be held back, it is simple as that,
>> at least in my book.
> It's speculation at this point, but I think security fixes in the kernel
> and major libs are to be expected instead of being some extreme case,
> and those are precisely the most likely things that would cause
> something to break if done incorrectly. The point of planning the early
> release concept in the first place should be to get these fixes out to
> the people who otherwise become targets of well-known exploits and
> rootkits. Assume, for example, that another flaw is found in php or a
> web app that allows remote command execution, and another glibc flaw
> like the one recently fixed that allowed root escalation if you could
> make a symlink to a suid file. Now assume that the fixes for these
> vulnerabilities comes in or immediately after the point release. That
> scenario seems normal, expected, and what the early release planning
> should be all about instead of holding these back until a working
> ananconda and iso layout is ready and tested.
>> I will even dare to speculate that main reason for people to opt-in for
>> CR repo will be so they can see how many packages are finished and to
>> see packages coming out so they do not freak out without a visible
>> progress. Side affect will be that some of them will be able to busy
>> them selfs with comparing against upstream packages.
> I think this is unlikely - unless they are unaware of the pending
> security issues, don't watch the news, and never look at their logs - or
> don't have an internet connection.
> Les Mikesell
> CentOS-devel mailing list
CentOS-devel mailing list
06-22-2011, 05:02 PM
Ask for the centos package review process
Regis Perdreau wrote:
> Hi, i m looking for a complete package review process. I have only found
Please define what exactly you mean under "package review process".
You can search the mailing list archive, like:
and find several mails with links describing how to rebuild RHEL
packages and distro.
CentOS-devel mailing list