Update ImageMagick in Fedora 16

Tue May 29 16:21:23 UTC 2012

28.05.2012 16:23, Kalev Lember wrote:
> On 05/27/2012 10:28 PM, Pavel Alexeev wrote:
>> Hi.
>>
>> Due to the security issues ([1] for example) and act as newcomer
>> provenpackager I'll plan update ImageMagick in Fedora 16 too (I should
>> had been done it early off course). It seams addressed in rawhide.
> Hi Pavel,
>
> I'm not sure it's a good idea to do ImageMagick soname bump and a large
> scale rebuild in a stable Fedora release. The last ImageMagick soname
> bump in F17 was very painful, with broken deps in the repo for about a
> month. Isn't it possible to backport the individual security patches to
> F16 and avoid the ImageMagick ABI change?
It is main reason why I request provenpackager rights. In fedora 17 it 
was so painful because I several times asks build dependencies and then 
ask help to push updates too.
I think in that turn now I can do all that myself, so it should be smoother.

As there around 6 security issues, I think update upstream release is 
easiest, and furthermore robust way handle it.

>   How are other distros handling
> the security issue?
>
> I'd also like to quote the Updates Policy for Stable Releases[1]: "ABI
> changes in general are very strongly discouraged, they force larger
> update sets on users and they make life difficult for third-party
> packagers."
>
> [1] http://fedoraproject.org/wiki/Updates_Policy#Stable_Releases
There also statement about security updates allowing that ( 
http://fedoraproject.org/wiki/Updates_Policy#Security_fixes ):
" If upstream does not provide security fixes for a particular release, 
and if backporting the fix would be impractical, then a package may be 
rebased onto a version that upstream supports. The definition of 
practicality is left to the judgement of FESCO and the packager."
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20120529/e61ca389/attachment-0001.html>