<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
28.05.2012 16:23, Kalev Lember wrote:
<blockquote cite="mid:4FC36E3B.7080106@gmail.com" type="cite">
<pre wrap="">On 05/27/2012 10:28 PM, Pavel Alexeev wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi.
Due to the security issues ([1] for example), and acting as a newcomer
provenpackager, I plan to update ImageMagick in Fedora 16 too (I should
have done it earlier, of course). It seems addressed in rawhide.
</pre>
</blockquote>
<pre wrap="">
Hi Pavel,
I'm not sure it's a good idea to do ImageMagick soname bump and a large
scale rebuild in a stable Fedora release. The last ImageMagick soname
bump in F17 was very painful, with broken deps in the repo for about a
month. Isn't it possible to backport the individual security patches to
F16 and avoid the ImageMagick ABI change?</pre>
</blockquote>
It is the main reason why I request provenpackager rights. In Fedora 17
it was so painful because I several times asked to build dependencies
and then asked for help to push updates too.<br>
I think this time I can do all that myself, so it should be
smoother.<br>
<br>
As there are around 6 security issues, I think updating to the upstream
release is the easiest, and furthermore a robust, way to handle it.<br>
<br>
<blockquote cite="mid:4FC36E3B.7080106@gmail.com" type="cite">
<pre wrap=""> How are other distros handling
the security issue?
I'd also like to quote the Updates Policy for Stable Releases[1]: "ABI
changes in general are very strongly discouraged, they force larger
update sets on users and they make life difficult for third-party
packagers."
[1] <a class="moz-txt-link-freetext" href="http://fedoraproject.org/wiki/Updates_Policy#Stable_Releases">http://fedoraproject.org/wiki/Updates_Policy#Stable_Releases</a></pre>
</blockquote>
There is also a statement about security updates allowing that (
<a
href="http://fedoraproject.org/wiki/Updates_Policy#Security_fixes">http://fedoraproject.org/wiki/Updates_Policy#Security_fixes</a>
):<br>
"If upstream does
not provide security fixes for a particular release, and if
backporting the fix would be impractical, then a package may be
rebased onto a version that upstream supports. The definition of
practicality is left to the judgement of FESCO and the packager."<br>
<br>
</body>
</html>