On Tue, 14 Oct 2008 05:43:05 +0200
rc040203(a)freenet.de (Ralf Corsepius) wrote:
On Mon, 2008-10-13 at 10:16 -0500, Jeffrey Ollie wrote:
...snip...
>
> Unfortunately, upstream developers don't always release bugfix-only
> releases. Many times they introduce new features or change the
> behavior of old features.
Right, and how do you expect EPEL to handle this issue?
I would expect EPEL to starve out contributors during RHEL's long time
time and those who will try to continue supporting it, will be facing
the problems you described.
May-be I missed it, but I would like to hear about EPEL's visions on
this matter.
Sorry for the late reply.
In many ways EPEL has it easy. Since they don't maintain the kernel,
glibc, and all the other packages that RHEL maintains.
But you are right, for the packages they do maintain it will get harder
over time to backport security fixes or avoid updating versions.
I think the fact that EPEL doesn't have to handle those more
vulnerable core packages, and only has to worry about the leaf node
packages is one thing that makes it more viable.
Also, note that since many of the packages in EPEL are leaf nodes /
add on packages they don't tend to have deep dependencies that more
central packages have.
Ralf
kevin