ubuntuone-users team mailing list archive

[Rodney Dawes <rodney.dawes@xxxxxxxxxxxxx>]

On Sat, 2010-11-27 at 12:10 -0800, Clint Byrum wrote:
> Also, why would 10.10 need to be updated in any way if it already
> supports the newer protocol?

In 10.10 and 11.04, we already ship CouchDB 1.0. Why should users
continue to have two versions installed after an upgrade to either of
those versions of Ubuntu? We will have to ship updates so that the
package splitting we might do, would be reconciled on upgrade.

> > There are also other security fixes included in the set of changes from
> > 0.10 to 1.0, which means anyone actually using 0.10 is probably going to
> > have to update anyway.
> > 
> 
> Our security team backports security fixes to the released version in an
> LTS, so I'm not sure how that is relevant.
> 

The situation is similar to that of Firefox. CouchDB is not a simple
package. The fixes are not simply applied to the older version. They are
fairly invasive. Otherwise, we wouldn't be having this 3 month long
conversation trying to come up with an amicable solution for all
parties, as we would have already backported the fix we need. And I'm
sure an SRU would have been in that case, were it possible. With Firefox
and other Mozilla projects in the past, security updates have been
issued by upgrading to a newer major version of the package in question.

Attachment: signature.asc
Description: This is a digitally signed message part