11-09-2009, 12:33 PM
Ben de Groot

URGENT: exotic arches need Qt 4.5.3 stabilization

I am of the opinion it is irresponsible to leave vulnerable versions of Qt with
known security bugs any longer in the tree. The Qt team therefore requests
that arches that have not done so already move quickly on stabilizing Qt
4.5.3, see bug 290922 and 283810.

We plan on REMOVING or at the very least HARDMASKING pending removal
all <=4.5.2 ebuilds by the end of this week. This means that arches that have
not stabilized 4.5.3 would lose their stable Qt4 version.

Please let us know if there is any way in which we can assist arches. We
are aware that some arches are down to one active person. But if there is
no other way, maybe the status of such arches should be reconsidered.

We especially request ppc64 to be marked as an experimental arch, as it
is the worst one lagging in stabilization. See bug 281821 for a poignant
example, a 3 months open security bug.

Regards,
--
Ben de Groot
Gentoo Linux developer (qt, media, lxde, desktop-misc)
 
11-09-2009, 04:15 PM
Tobias Klausmann

Hi!

On Mon, 09 Nov 2009, Ben de Groot wrote:
> We especially request ppc64 to be marked as an experimental arch, as it
> is the worst one lagging in stabilization. See bug 281821 for a poignant
> example, a 3 months open security bug.

As a side note, don't hesitate to poke me or armin76 if you have
the feeling that anything is lagging because alpha isn't quick
enough. I try to handle security bugs (i.e. "CC: alpha and (CC:
or requestor security@)") first, but in the case of Qt, there
were two bugs, one normal stablereq with CC alpha and security
bug without arch CCs. Thus, it just wasn't on my radar as needing
quick action.

Regards,
Tobias

PS: I assume the "just poke me gently if you think I'm slow" goes
for other arches as far as armin76 is concerned, but I let him
speak for himself.
--
printk("Pretending it's a 3/80, but very afraid...\n");
linux-2.6.19/arch/m68k/sun3x/prom.c
 
11-09-2009, 04:51 PM
Mart Raudsepp

On Mon, 2009-11-09 at 14:33 +0100, Ben de Groot wrote:
> I am of the opinion it is irresponsible to leave vulnerable versions of Qt with
> known security bugs any longer in the tree. The Qt team therefore requests
> that arches that have not done so already move quickly on stabilizing Qt
> 4.5.3, see bug 290922 and 283810.

It is more irresponsible and outright wrong to remove the latest stable
revision of a package for some arches, despite security implications.
Hard masking constitutes the same - the last stable version is not in
stable visibility anymore.

You can however remove the keywords of the arches from older versions
that do have a newer version/revision stable as seen in all profiles.


> We plan on REMOVING or at the very least HARDMASKING pending removal
> all <=4.5.2 ebuilds by the end of this week. This means that arches that have
> not stabilized 4.5.3 would lose their stable Qt4 version.

How do you see this being acceptable for the users of these
architectures? Many of these architectures that are "lagging behind" are
not even security supported architectures.

> Please let us know if there is any way in which we can assist arches. We
> are aware that some arches are down to one active person. But if there is
> no other way, maybe the status of such arches should be reconsidered.

It seems most of these arches that are at ~1 person are not security
supported either.

> We especially request ppc64 to be marked as an experimental arch, as it
> is the worst one lagging in stabilization. See bug 281821 for a poignant
> example, a 3 months open security bug.

First its security supported status should be considered, not making it
an experimental arch, as that could very well throw it in a backwards
spiral of getting more and more problematic due to repoman iirc not
checking issues with it by default.

--
Mart Raudsepp
Gentoo Developer
Mail: leio@gentoo.org
Weblog: http://planet.gentoo.org/developers/leio
 
11-09-2009, 06:41 PM
Joseph Jezak

Ben de Groot wrote:
> I am of the opinion it is irresponsible to leave vulnerable versions of Qt with
> known security bugs any longer in the tree. The Qt team therefore requests
> that arches that have not done so already move quickly on stabilizing Qt
> 4.5.3, see bug 290922 and 283810.
>
>
> We plan on REMOVING or at the very least HARDMASKING pending removal
> all <=4.5.2 ebuilds by the end of this week. This means that arches that have
> not stabilized 4.5.3 would lose their stable Qt4 version.
>
>
It is also irresponsible to punish users by breaking the tree when
arches can't keep up.

> Please let us know if there is any way in which we can assist arches. We
> are aware that some arches are down to one active person. But if there is
> no other way, maybe the status of such arches should be reconsidered.
>
> We especially request ppc64 to be marked as an experimental arch, as it
> is the worst one lagging in stabilization. See bug 281821 for a poignant
> example, a 3 months open security bug.
>
I'm sorry that we're having a hard time keeping up, but ppc64 has been
primarily supported by ranger in the recent past, with help from time to
time by other devs. He's been busy with real life work and I was unaware
that security bugs were slipping. So, sorry you're annoyed.

Perhaps pinging on our IRC channel, or a direct email to the ppc64@
alias might have helped to bring this to our attention sooner,
personally I know that I sometimes gloss over bugzilla emails due to the
high volume of requests the arch team gets (doubled since I also work on
the 32 bit port).

I would be extremely disappointed to see ppc/ppc64 be marked as
experimental. As of now, Gentoo is one of the few distributions that
maintains support for ppc/ppc64 (Fedora recently dropped ppc/ppc64 from
its primary status, I think it's just us and Debian left out of the
major distributions) and I'd be sorry to see that go.

Again, sorry for the delay, QT-4.5.3 has been marked ppc64 stable and
should be good to go after bug #261632 is fixed.
-Joe
 
11-09-2009, 07:11 PM
Ben de Groot

Thank you very much for your work on stabling 4.5.3. Sorry I overdid it a bit,
I was getting a tad frustrated. I'll try finding the right persons on IRC then,
when I notice bugs going unanswered.

All we need now is hppa.

Cheers,
--
Ben de Groot
Gentoo Linux developer (qt, media, lxde, desktop-misc)