[WBEL-devel] Re: How to get the RHEL Errata?
John Morris
jmorris@beau.org
Fri, 28 Nov 2003 15:06:12 -0600 (CST)
On 26 Nov 2003, Sebastian Welsh wrote:
> Roughly how many packages have required modification so far? This may
> suggest the amount of work required to maintain sync with RedHat errata.
To date, here is the list of changed packages to date:
anaconda-9.1-8.RHEL.WB1.src.rpm
anaconda-help-9.1-3.RHEL.WB1.src.rpm
anaconda-images-9.1-2.RHEL.WB1.src.rpm
anaconda-product-3-1WB.src.rpm
firstboot-1.1.19-WB1.src.rpm
httpd-2.0.46-25.ent.WB1.src.rpm
indexhtml-3-WB1.src.rpm
initscripts-7.31.6.EL.WB1-1.src.rpm
redhat-artwork-0.73.2-1E.WB1.src.rpm
redhat-logos-1.1.14.3-1.WB1.src.rpm
rpm-4.2.1-4.2.WB1.src.rpm
sysstat-4.0.7-4.WB1.src.rpm
whitebox-release-3WB-1.src.rpm
Before -final I want to add mozilla and xscreensaver to the list.
> Am I right in assuming that inserting a patch into the spec for each
> encumbered package is the preferred approach? I expect in most cases the
> original patch will retain compatibility with errata.
Depends on the package. In cases like rpm, httpd, forstboot and
initscripts a whitebox.patch file is the best way. On the art packages I
think just repacking the modified version works better since patch isn't
very efficient with graphics and it might be better to keep the
trademarked images completely out.
> IMHO, using a package-maintainer approach may make this easier to manage
> in the long run, but I am unsure how keen people are for the
> organisational overheads this would require. I would certainly be
> willing to commit.
Should not be that complicated. By making sure everything will build on
WBEL it should be fairly easy for anyone to work do it. As of now I'm
planning to post binary & source errata within a day or so of seeing the
SRPM show on the Red hat mirror network, but in the event I were hit by
the proverbial bus it won't be much of a problem for anyone else to do it.
> A longer-term concern of mine is the possibility that in the future, we
> have no guarantee that the SRPM errata will be sufficient to generate a
> complete OS. Playing the "if I were RedHat" thought experiment, I'd
> consider introducing proprietal software to Enterprise Linux upon which
> common components depended in order to reinforce my new sales model. I
> respect RedHats right to grow a sustainable business, but really hope
> that I am just being viciously creative :)
This won't be a problem with RHEL3/WBEL3. RedHat does NOT release new
packages for an existing product. They almost always backport bug fixes
and security patches to the shipped version, following the principle of
least suprise. That is why applying Red Hat's errata is a no brainer and
a Microsoft service pack is a crapshoot. We know that, Red Hat knows that
and their paying customers certainly base their purchase decisions on it.
The idea that Red Hat would change such a winning formula over our efforts
is extreme hubris. :)
They have occasionally released a new version of a package for an existing
product, but never as a security fix and usually as an unofficial release.
Examples have been new kernels, mozilla versions, etc.
--
John M. http://www.beau.org/~jmorris This post is 100% M$ Free!
Geekcode 3.1:GCS C+++ UL++++$ P++ L+++ W++ w--- Y++ b++ 5+++ R tv- e* r