Update ImageMagick in Fedora 16
Pavel Alexeev
forum at hubbitus.com.ru
Tue May 29 16:21:23 UTC 2012
28.05.2012 16:23, Kalev Lember wrote:
> On 05/27/2012 10:28 PM, Pavel Alexeev wrote:
>> Hi.
>>
>> Due to the security issues ([1] for example) and act as newcomer
>> provenpackager I'll plan update ImageMagick in Fedora 16 too (I should
>> had been done it early off course). It seams addressed in rawhide.
> Hi Pavel,
>
> I'm not sure it's a good idea to do ImageMagick soname bump and a large
> scale rebuild in a stable Fedora release. The last ImageMagick soname
> bump in F17 was very painful, with broken deps in the repo for about a
> month. Isn't it possible to backport the individual security patches to
> F16 and avoid the ImageMagick ABI change?
It is main reason why I request provenpackager rights. In fedora 17 it
was so painful because I several times asks build dependencies and then
ask help to push updates too.
I think in that turn now I can do all that myself, so it should be smoother.
As there around 6 security issues, I think update upstream release is
easiest, and furthermore robust way handle it.
> How are other distros handling
> the security issue?
>
> I'd also like to quote the Updates Policy for Stable Releases[1]: "ABI
> changes in general are very strongly discouraged, they force larger
> update sets on users and they make life difficult for third-party
> packagers."
>
> [1] http://fedoraproject.org/wiki/Updates_Policy#Stable_Releases
There also statement about security updates allowing that (
http://fedoraproject.org/wiki/Updates_Policy#Security_fixes ):
" If upstream does not provide security fixes for a particular release,
and if backporting the fix would be impractical, then a package may be
rebased onto a version that upstream supports. The definition of
practicality is left to the judgement of FESCO and the packager."
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20120529/e61ca389/attachment-0001.html>
More information about the devel
mailing list