Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:54793
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: pass (pb1.pair.com: domain thelounge.net designates 91.118.73.15 as permitted sender)
Message-ID: <4E523A7F.1040700@thelounge.net>
Date: Mon, 22 Aug 2011 13:16:15 +0200
Organization: the lounge interactive design
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20110816 Thunderbird/6.0
MIME-Version: 1.0
To: internals@lists.php.net
References: <4E510339.3000609@thelounge.net> <CAEZPtU7+QBPFWVk7iZ5RfU6b999zNNe1wpX-5Lv7gOpvCpepsQ@mail.gmail.com> <4E51078E.1000401@thelounge.net> <CAEZPtU7WKucxQ-Nus+2JGCXutKrqfKETVH8d=uz237itxxq6Ww@mail.gmail.com> <4E520DAC.1090609@oracle.com> <4E5212BD.50306@thelounge.net> <CAEZPtU4W7H92GYEdUHpsiZXxmUkQa+GsfoO25DKqP4dGmWzRSQ@mail.gmail.com> <4E52226C.8030400@lsces.co.uk> <4E522A37.6050301@thelounge.net> <4E5238C7.6040206@lsces.co.uk>
In-Reply-To: <4E5238C7.6040206@lsces.co.uk>
OpenPGP: id=7F780279;
	url=http://arrakis.thelounge.net/gpg/h.reindl_thelounge.net.pub.txt
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig060E8589DDDAB532B4311918"
Subject: Re: [PHP-DEV] Failing Autotests / Bugs
From: h.reindl@thelounge.net (Reindl Harald)

--------------enig060E8589DDDAB532B4311918
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable



Am 22.08.2011 13:08, schrieb Lester Caine:
> Reindl Harald wrote:
>> there should be placed diff-files for security fixes directly on the d=
ownload-page
>> they could be easily included in rpmbuild/spec-file if they are matchi=
ng to the latest
>> tar.bz2, but the current release process does not support this and for=
ces users
>> if they wanting their machines as secure as possible to grab in the VC=
S manually
>> and hoping make no mistake by making this on their own - it is a hughe=
 difference
>> for a administrator innclude provided patches in a spec-file or deal w=
ith the
>> whole php-source
>
> Actually this is possibly another argument for a properly managed DVCS =
setup? On other projects I can pick
> critical commits and apply them, and it flags when other bits need to b=
e implemented as well. Almost does away
> with the need to produce actual releases, but you do need to differenti=
ate security fixes from simple 'improvements'?

this has really nothing to do with DVCS

a patch is security-critical or not and if he is atomic enough to be sure=
 that
there are no big side-effects to expect it woulld be really fine to inclu=
de
it directly on the download-page with short-decritpion and date

so any linux-distribution or people like i who are building there owm RPM=
s
based on them of the distribution can easily download and include in SPEC=
-file
without touching the released tar.bz2 what gives the benefit that the pat=
ch
can be reverted by adding a simple # before the line in the SPEC-file

this is the biggest benefit of rpmbuild, you never have to touch the tarb=
all
because rpmbuild is creating a new clean build-environment, unpacking the=
 tarball
in it and applying patches from SPEC directly before compile the source


--------------enig060E8589DDDAB532B4311918
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5SOn8ACgkQhmBjz394Anm0vgCdF6xoxW0smI2uNKCVH0JIzyMx
N1YAnjZJjkTaZ1CAQq4lIPb0QlGX0oXi
=9Fbt
-----END PGP SIGNATURE-----

--------------enig060E8589DDDAB532B4311918--