← Back to team overview

ubuntuone-users team mailing list archive

Re: CouchDB 1.0 SRU to 10.04 LTS

 


"Rodney Dawes" <rodney.dawes@xxxxxxxxxxxxx> wrote:

>On Sat, 2010-11-27 at 12:10 -0800, Clint Byrum wrote:
>> Also, why would 10.10 need to be updated in any way if it already
>> supports the newer protocol?
>
>In 10.10 and 11.04, we already ship CouchDB 1.0. Why should users
>continue to have two versions installed after an upgrade to either of
>those versions of Ubuntu? We will have to ship updates so that the
>package splitting we might do, would be reconciled on upgrade.
>
As long as the security fixes are done for the existing packages it's harmless for them to remain installed. Once the u-one client no longer depends on it,  it should be eligible for auto removal in any case. Fixing the upgrade case can be easily handled by update-manager.

>> > There are also other security fixes included in the set of changes
>from
>> > 0.10 to 1.0, which means anyone actually using 0.10 is probably
>going to
>> > have to update anyway.
>> > 
>> 
>> Our security team backports security fixes to the released version in
>an
>> LTS, so I'm not sure how that is relevant.
>> 
>
>The situation is similar to that of Firefox. CouchDB is not a simple
>package. The fixes are not simply applied to the older version. They
>are
>fairly invasive. Otherwise, we wouldn't be having this 3 month long
>conversation trying to come up with an amicable solution for all
>parties, as we would have already backported the fix we need. And I'm
>sure an SRU would have been in that case, were it possible. With
>Firefox
>and other Mozilla projects in the past, security updates have been
>issued by upgrading to a newer major version of the package in
>question.

This is not even remotely like Firefox. 

Scott K



References