[Pkg-ia32-libs-maintainers] ia32-lib plans and security support for same
dann frazier
dannf at dannf.org
Tue Apr 29 21:48:48 UTC 2008
On Tue, Apr 29, 2008 at 11:13:47PM +0200, Florian Weimer wrote:
> * Goswin von Brederlow:
>
> > Joerg Jaspert <ftpmaster at debian.org> writes:
> >
> >> - The included complete copy of the source *and* the existing i386
> >> binary is something that is really bad. Yes, we get in trouble if we
> >> don't include the source for packages on the archive, but it is still
> >> a *very* strong point against this packaging scheme.
> >> We (as in ftp-team), but even more the security team are against
> >> them.
>
> I think from a security support POV, we can get away with it if the
> .debs are not actually built from the included source code.
>
> > I hope you feel that this will simplify matters not just for us but
> > also for you and will allow this package split continue.
>
> I simply lack the necessary network bandwidth to keep the current
> ia32-libs updated. But for someone with good connectivity, it should be
> relatively straightforward to build periodic roll-up packages. We
> should figure out why this hasn't happened. The fundamental problem
> probably lies somewhere else.
I actually looked into trying to do ia32-libs updates for etch
recently, but didn't know how to proceed. The source code build failed
for me with conflicting build-deps. (Bdale gave me some pointers
but I hadn't gotten around to following them.)
I have good connectivity and would be willing to help here if shown
how to do it.
> (Note that you need to deal with security updates *and*
> stable-proposed-updates, BTW.)
An update in the next etch point release would be good to see..
> And what about downloader that build .debs locally, from the i386 .debs?
> Has this approach been considered? This would sidestep the issue of
> up-to-dateness.
>
--
dann frazier
More information about the Pkg-ia32-libs-maintainers
mailing list