On Wed, Sep 28, 2016 at 8:12 AM, Stephen Gallagher <sgallagh(a)redhat.com> wrote:
I updated the Bodhi update in EPEL to the latest 6.7.0 security
release last
night. I just want to remind people that there remain only three days until EOL
of 0.10.x, so I think we really need to make the cut-over today or tomorrow by
providing karma to push the update to stable. It takes at least a day to make it
to most mirrors.
I wish we had a bit more time for this, but security updates seem to be coming
at an accelerated pace lately. I missed Jim Perrin's original note about a
Fedora Magazine post for EPEL and CentOS to link to (sorry about that, Jim), but
I'll see if I can get something written up and published today. It's probably
"too little, too late", but I'll at least provide the justification.
Part of the reason I support making the cutover immediately is because the
high-severity security updates from last night *also* impact 0.10.x and we don't
have a meaningful way to deliver 0.10.47 to EPEL 7 right now (since the 6.7.0
package is in epel-testing). We either need to cut over to 6.7.0 or else
withdraw that update, push the 0.10.47 update, wait for it to go stable and then
reintroduce 6.7.0. This seems like a large amount of effort for very little benefit.
I'd suggest just pushing 6.7.0. Anything else is delaying the inevitable...
(Apologies for stream-of-consciousness; I'm thinking this through
as I type)
I do see one alternative if we want to provide a little more time in testing for
6.x... we could do the above 0.10.47 release by pulling 6.x, *rush* that in by
karma-cheating[*], put 6.7.0 back in updates testing and hold off on the cutover
for X days or the next security release, whichever comes first.
That's a lot of work for an update that's going to die off literally
within days... I suggest just pushing forward with nodejs 6.x.
--
真実はいつも一つ!/ Always, there's only one truth!