Debian Weekly News - email

From: Jason Gunthorpe <jgg@ualberta.ca>
Date: Mon, 18 Sep 2000 22:15:45 -0600 (MDT)
To: debian-policy@lists.debian.org
Cc: joeyh@debian.org
Subject: A thought on urgency

Here is a (rephrased) thought Joey Hess brought up:

Now that APT has a pinning mechanism it would be very nice if you could
automatically install higher urgency upgrades and leave low priority stuff
behind.

Right now we have an urgency field in the changelog but that is neither
adaquate information or in the proper place for a feature like this.

The idea we struck on was for each package to have a 'urgency serial
number' which exists on the ring [0...N]. The difference in the priority
serial numbers of any two packages indicates how urgent the upgrade is.

We can map our current schema onto the strata formed by the difgerences in
urgency between any two versions:

>100 High urgency security fix
>50  High urgency fix
>25  Medium urgency fix
otherwise low urgency fix

To implement this each package would get a new field dubbed
Urgency-Serial which would default to 0 if the field is omitted. We'd use
modular arithmetic on [0...4G] (to deal with wrap around) and like
versioning each maintainer would be responsible for incrementing this
field if there is a reason to.

APT users could specify they would like to install all high-urgency
packages (apt-get install-high-urgency) or use the pinning mechanism to
'soft track' a distribution:

Package: *
Pin: urgency >50
Priority: 900

Package: *
Pin: release *
Priority: 50

Which effectively means 'only upgrade to packages if there is an urgent
reason to do so'

Another option would be to hybridize unstable/stable so that packages get
installed only if there is an urgent reason to do so.
[There are some problems with this in general since multi-version problem
resolving is not something I intend to implement, but on a small scale I
think it is feasable]

GUIs would have available a means to sort and show the user what is very
urgent that they install and the magnitude of the difference would
indicate the severity.

Example, 3 security bugs are found in package foo. It may have a version
sequence that looks like:

Ver=1.0   Urgency=0
Ver=1.1   Urgency=100
Ver=1.2   Urgency=200
Ver=1.3   Urgency=300
Ver=1.4   Urgency=300

A user not at 1.3,1.4 will be able to detect that there is a strong reason
to upgrade from [1.0,1.1,1.2] but that the change from 1.3 to 1.4 is
non-urgent.

What do you all think?

Jason

To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.

Back issues of this newsletter are available.

This issue of Debian Weekly News was edited by Joey Hess.