[OpenIndiana-discuss] How many versions of libs/apps should OI provide?
Bob Friesenhahn
bfriesen at simple.dallas.tx.us
Thu Dec 22 19:53:10 UTC 2016
On Thu, 22 Dec 2016, Peter Tribble wrote:
>
> I thoroughly dislike the "stable" approach of backporting patches to
> older versions. In my experience this ends up being expensive to
> maintain compared to just building current, ties you up in knots
> because other things require newer versions, and give you bigger and
> harder jumps (and more breakage) when you finally do upgrade.
There is also the problem is that the available patches do not
represent all of the fixes available in the latest release. This is
particularly true in recent years where the developer has access to
much better tools (e.g. valgrind, ASAN, Fuzzy LOP, Coverity, and
improved compiler warnings/lint) to discover problems and validate the
software and these tools were not available when the older versions
were developed.
Distributions like Debian only create patches for issues given a CVE
and thoroughly ignore other known issues and the many issues which
were silently fixed by the package developer.
Bob
--
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
More information about the openindiana-discuss
mailing list