On Wed, Dec 17, 2014 at 12:41 PM, "P. A. López-Valencia" <vorbote@outlook.com> wrote:
On 17/12/14 11:28, Ido Rosen wrote:
We seem to be in agreement: 2.1.x is not yet in the set of upstream *stable* releases, but 2.0.x is in that set.
Not really. You missed the "as close to current".
I didn't miss the as close to current. You said "as close to current as *upstream stable releases* allow." 2.1.x is not an upstream stable release while 2.0.x is, therefore we are closer to current than upstream stable releases allow. So, as I said, we are in agreement, and IMO a mistake was made and should be rectified by a downgrade rather than leaving Arch users at risk of security breaches.
Therefore, Arch should follow 2.0.x until upstream has marked 2.1.x as stable. Someone made a mistake in upgrading to 2.1, so let's correct the mistake by downgrading back until it's safe, rather than leaving all of Arch's users at great security risk. Let's not forget that gnupg underlies all of Arch's security/integrity (i.e. pacman db and pkg signing) - it's how our users know that Arch is Alice-rch and not Eve-rch. IMO, downgrading is the responsible, smart (not stupid) thing to do, and let's not forget the last "S" in K.I.S.S... :-)
The usual practice is to wait until there is a first point release that catches the most glaring bugs, see for example how the kernel and the main desktop environments are updated. The first point release was yesterday (2014-12-16) and it is already in testing. This transition would have occurred sooner or later because the benefits outweigh the cost of moving to the newer version---e,g., the ability to use elliptical curve keys---, but it would've been reasonable to wait for this first point release.
I donated, but I do not see your name on the donation list? [0]
Do not stoop to personal attacks. Thank you.
Besides that, I never make public my acts of charity. Have you read Matthew 6:3? Even good atheists practice it.
It was not a personal attack. You encouraged me to donate, so I did, and was encouraging you to practice what you preach (i.e. to donate as well). I'm not Christian, but I think that's covered later on in Matthew 7:2...? Did you read the rest of that paragraph? You disregarded my points as a red herring, then made a straw man argument that we should donate instead of downgrading (and leave Arch users vulnerable). In the same paragraph, you quote Arch policy which agrees with the downgrade... I guess you are just trolling. Happy holidays, either way. :-)
-- Pedro Alejandro López-Valencia http://about.me/palopezv/
Every nation gets the government it deserves. -- Joseph de Maistre