On 09/23/2011 07:12 PM, Johnny Hughes wrote: > On 09/23/2011 09:53 AM, Dennis Jacobfeuerborn wrote: >> On 09/23/2011 04:30 PM, John Hodrien wrote: >>> On Fri, 23 Sep 2011, Dennis Jacobfeuerborn wrote: >>> >>>> What are you trying to say? >>>> Karanbirs response is three weeks old and AFAICS the 6.0/cr repo is still >>>> empty on the mirrors so there is no package for that problem available. >>>> >>>> If there are problems getting 6.0/cr going then fine but in that case fixes >>>> for such dangerous bugs should be made available in some other way for >>>> example by uploading a package to some temporary location until things are >>>> working as they should. >>> >>> Yes it'd be nice. >>> >>> Until then, you can always grab the redhat srpm, or get a binary rpm from SL. >> >> Still the fact that centos is leaving its users exposed to this kind of >> thing is...problematic. What's even more perplexing is that according the >> Karanbir the package was ready to go yet since then there is a sudden radio >> silence for three weeks. If there are still problems with building the >> updates ok but then they could have at least pushed this package out or put >> it on some server for people to download manually and if that is a problem >> too then they should have put out a message the next day that there are >> still problems and that people are better off building the updated package >> themselves. >> At least that would have given the users some information to act on. > > What other packages inside the system might be impacted by changing the > httpd executable? > > What shared libraries might needed to run the new version of httpd that > were built on the 6.1 tree and may not work without the other updates. > > One package can not be built and pushed in a totally different tree and > then released. > > It requires testing. > > We are doing the best we can. And this is really appreciated believe me but here is the problem: Three week ago Karanbir announced an imminent release for the httpd package. Since then nothing happened. Let's assume for a moment a major problem was discovered that somehow prevent the new package from being released. Let's also assume that everyone who could address the problem is really busy with really important stuff. Why wasn't it possible for anyone to send out an announcement basically saying: "For reasons we don't want disclose we cannot push out an updated httpd package anytime soon. Please build your own updated versions or find someone who can do it for you." At least people would know what the situation is. *THAT* is the issue here. I can understand that all this stuff is complicated but sending an email is not and so that is always something you could and should fall back on in the absence of any better options. Regards, Dennis