URGENT: exotic arches need Qt 4.5.3 stabilization
I am of the opinion it is irresponsible to leave vulnerable versions of Qt with
known security bugs any longer in the tree. The Qt team therefore requests that arches that have not done so already move quickly on stabilizing Qt 4.5.3, see bug 290922 and 283810.

We plan on REMOVING or at the very least HARDMASKING pending removal all <=4.5.2 ebuilds by the end of this week. This means that arches that have not stabilized 4.5.3 would lose their stable Qt4 version.

Please let us know if there is any way in which we can assist arches. We are aware that some arches are down to one active person. But if there is no other way, maybe the status of such arches should be reconsidered.

We especially request ppc64 to be marked as an experimental arch, as it is the worst one lagging in stabilization. See bug 281821 for a poignant example, a 3 months open security bug.

Regards,
--
Ben de Groot
Gentoo Linux developer (qt, media, lxde, desktop-misc)
URGENT: exotic arches need Qt 4.5.3 stabilization
Hi!
On Mon, 09 Nov 2009, Ben de Groot wrote:
> We especially request ppc64 to be marked as an experimental arch, as it
> is the worst one lagging in stabilization. See bug 281821 for a poignant
> example, a 3 months open security bug.

As a side note, don't hesitate to poke me or armin76 if you have the feeling that anything is lagging because alpha isn't quick enough. I try to handle security bugs (i.e. "CC: alpha and (CC: or requestor security@)") first, but in the case of Qt, there were two bugs, one normal stablereq with CC alpha and security bug without arch CCs. Thus, it just wasn't on my radar as needing quick action.

Regards,
Tobias

PS: I assume the "just poke me gently if you think I'm slow" goes for other arches as far as armin76 is concerned, but I let him speak for himself.

--
printk("Pretending it's a 3/80, but very afraid... ");
linux-2.6.19/arch/m68k/sun3x/prom.c
URGENT: exotic arches need Qt 4.5.3 stabilization
On Mon, 2009-11-09 at 14:33 +0100, Ben de Groot wrote:
> I am of the opinion it is irresponsible to leave vulnerable versions of Qt with
> known security bugs any longer in the tree. The Qt team therefore requests
> that arches that have not done so already move quickly on stabilizing Qt
> 4.5.3, see bug 290922 and 283810.

It is more irresponsible and outright wrong to remove the latest stable revision of a package for some arches, despite security implications. Hard masking constitutes the same - the last stable version is not in stable visibility anymore. You can however remove the keywords of the arches from older versions that do have a newer version/revision stable as seen in all profiles.

> We plan on REMOVING or at the very least HARDMASKING pending removal
> all <=4.5.2 ebuilds by the end of this week. This means that arches that have
> not stabilized 4.5.3 would lose their stable Qt4 version.

How do you see this being acceptable for the users of these architectures? Many of these architectures that are "lagging behind" not being even security supported architectures.

> Please let us know if there is any way in which we can assist arches. We
> are aware that some arches are down to one active person. But if there is
> no other way, maybe the status of such arches should be reconsidered.

It seems most of these arches that are at ~1 person are not security supported either.

> We especially request ppc64 to be marked as an experimental arch, as it
> is the worst one lagging in stabilization. See bug 281821 for a poignant
> example, a 3 months open security bug.

First its security supported status should be considered, not making it an experimental arch, as that could very well throw it in a backwards spiral of getting more and more problematic due to repoman iirc not checking issues with it by default.

--
Mart Raudsepp
Gentoo Developer
Mail: leio@gentoo.org
Weblog: http://planet.gentoo.org/developers/leio
URGENT: exotic arches need Qt 4.5.3 stabilization
Ben de Groot wrote:
> I am of the opinion it is irresponsible to leave vulnerable versions of Qt with
> known security bugs any longer in the tree. The Qt team therefore requests
> that arches that have not done so already move quickly on stabilizing Qt
> 4.5.3, see bug 290922 and 283810.
>
> We plan on REMOVING or at the very least HARDMASKING pending removal
> all <=4.5.2 ebuilds by the end of this week. This means that arches that have
> not stabilized 4.5.3 would lose their stable Qt4 version.

It is also irresponsible to punish users by breaking the tree when arches can't keep up.

> Please let us know if there is any way in which we can assist arches. We
> are aware that some arches are down to one active person. But if there is
> no other way, maybe the status of such arches should be reconsidered.
>
> We especially request ppc64 to be marked as an experimental arch, as it
> is the worst one lagging in stabilization. See bug 281821 for a poignant
> example, a 3 months open security bug.

I'm sorry that we're having a hard time keeping up, but ppc64 has been primarily supported by ranger in the recent past, with help from time to time by other devs. He's been busy with real life work and I was unaware that security bugs were slipping. So, sorry you're annoyed. :p

Perhaps pinging on our IRC channel, or a direct email to the ppc64@ alias might have helped to bring this to our attention sooner, personally I know that I sometimes gloss over bugzilla emails due to the high volume of requests the arch team gets (doubled since I also work on the 32 bit port).

I would be extremely disappointed to see ppc/ppc64 be marked as experimental. As of now, Gentoo is one of the few distributions that maintains support for ppc/ppc64 (Fedora recently dropped ppc/ppc64 from its primary status, I think it's just us and debian left out of the major distributions) and I'd be sorry to see that go.

Again, sorry for the delay, QT-4.5.3 has been marked ppc64 stable and should be good to go after bug #261632 is fixed.

-Joe
URGENT: exotic arches need Qt 4.5.3 stabilization
Thank you very much for your work on stabling 4.5.3. Sorry I overdid it a bit,
I was getting a tad frustrated. I'll try finding the right persons on IRC then, when I notice bugs going unanswered.

All we need now is hppa.

Cheers,
--
Ben de Groot
Gentoo Linux developer (qt, media, lxde, desktop-misc)