Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 29 Aug 2011 03:54:38 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: Owl 4.0 priorities

On Sun, Aug 28, 2011 at 02:41:33PM +0200, devzero2000 wrote:
> Alexander, would you consider also to upgrade the rpm release ?

Yes, this is within consideration, especially given rpm5 upstream's
interest in cooperation.

> It is too old, might have security problems already solved, you know.

It might as well lack security problems introduced later, you know. ;-)

> In the similar vein also libpopt.

Yes, these are likely to be upgraded at once.

In my opinion, an important reason for Owl to move to newer RPM is to
support newer RPM packages from/for other distros.  Our current rpm-4.2
with patches is unable to process some of the more recent .rpm's, such
as from Fedora 11+.

> Openwall can now make a choice. For @rpm.org o@...5.org, to
> which I belong (as devzero2000). Is not trivial to make this choice or
> migrate to @rpm5.org. But there are people interested inside to @rpm5.org to
> the Openwall distro, for its stability and for the people who participate
> and contribuite to that. Also @rpm5.org have searched  the help of a
> security review to openwall, because @rpm5.org believe much in security and
> today have also the more complete crypto stack inside it.
> 
> No marketing, not flame please, because live is so shorter,  just an
> opportunity between developer that have common goal.

Yes, this matters to us.  It's just that life is too short, as you say,
so we can't possibly do everything we would have wanted to.  This might
or might not be one of those things we'd do before Owl 4.0.

Also, I am not sure of rpm5's compatibility/support for packages
produced by recent rpm 4.x in other distros.  Will we get support (as
far as RPM is concerned only, indeed) for packages e.g. from latest
Fedora if we go with rpm5?  Of course, actual support for such packages
would require lots of things beyond RPM's compatibility.  My question is
about RPM's aspects of compatibility only - package file format, payload
compression methods, etc.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ