[CentOS-devel] SIGs, versions, and yum update

Wed Feb 10 17:49:50 UTC 2016
BC <centoslistmail at gmail.com>

On Wed, Feb 10, 2016 at 11:36 AM, George Dunlap <dunlapg at umich.edu> wrote:
>
> As for my own opinion: I can see both sides of the story, and as a
> package maintainer I'd be willing to do either one.

Is 4.4 going to receive regular security fixes? Would a yum update to
4.6 work without downtime? By downtime I specifically mean the VMs
that are currently running continue to run as expected and management
of xen isn't broken, it just requires different tools.

If the first answer is yes, I prefer separate packages.
If the second answer is no, I prefer separate packages.
If the answers are no and yes respectively, then I would prefer yum update.
If the answers are both no, then a simple yum update gets dicey. First
you have different opinions on which method is the least surprise, but
also you have potential PR backlash. Would the centos project as a
whole and the sig in particular want to be seen as responsible for
definite downtime (if 4.6 automatically comes via yum update) or for
having known vulnerable packages? The latter can more easily be seen
as the admin's responsibility, IMO.

Either way, I would suggest a wiki with a cheat sheet of common
commands old vs. new.