LWN.net Logo

Advertisement

Netronome is hiring!

Interested in hardware, diags, validation, Linux, C, ARM, Microcode and low level programming and blazing networks?

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

What about pulling changes from downstream ?

What about pulling changes from downstream ?

Posted Apr 10, 2008 8:53 UTC (Thu) by lacostej (subscriber, #2760)
Parent article: OpenSSH bug falls through the cracks 

The flow of patches should not necessarily be a push from downstream -> upstream.

If I was a maintainer of an upstream open source package, I think I would try to also
regularly compare the various changes downstream apply. Just to see if something is
interesting.

(Log in to post comments)

What about pulling changes from downstream ?

Posted Apr 10, 2008 14:28 UTC (Thu) by rworkman (subscriber, #47472) [Link] 

If you were maintainer of a significant upstream package, you'd likely realize that it's
easier said than done.

What about pulling changes from downstream ?

Posted Apr 10, 2008 15:00 UTC (Thu) by lacostej (subscriber, #2760) [Link] 

<em>If you were maintainer of a significant upstream package, you'd likely realize that it's
easier said than done.</em>

Because the tools are not in place. That's why I said "try".

I don't expect someone to be able to track all downstreams packages. One developer cannot
track all distributions especially because each distribution track changes in a different way.

But if people work together it should be possible to come up with a set of tools to help all
those upstreams maintainers.

One could then do something like:

list-patches ssh ubuntu 8.04

Most distributions work in the open. This information doesn't change overnight and could be
centralized on a server. Maybe distrowatch or something similar.

The tools would help both ways, as distributors would be able to also look at what other
distributors are doing.

What about pulling changes from downstream ?

Posted Apr 11, 2008 0:22 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

I think it's less work for a downstream maintainer to send an email to the upstream maintainer than to maintain the patch in such a way that "pull" works. And looking at the total effort by everyone, I'm sure the email is considerably less work. But probably less reliable.

I sometimes get pointed to lists of downstream patches for packages I maintain. I find it very hard to glean defect information from them. One of the reasons is the open source tradition of not documenting beyond the code itself. It often takes quite a bit of effort to figure out what the point of a patch is. OTOH, when people email me patches, they almost always include a nice explanation.

What about pulling changes from downstream ?

Posted Apr 12, 2008 19:21 UTC (Sat) by boklm (subscriber, #34568) [Link] 

It's not a lot of work to send an email, but it's easy to forget.

What about pulling changes from downstream ?

Posted Apr 17, 2008 8:17 UTC (Thu) by djm (subscriber, #11651) [Link] 

We (OpenSSH maintainers) do check and merge downstream patches from time to time. It is
something of a pain to trawl through the various (completely different) vendor systems for
maintaining packages and I don't think it is at all sensible to have to depend on this to pick
up security fixes.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds