Re: [p2-dev] Security/maintenance updates for Eclipse & RPMs

[Ian Bull <irbull@xxxxxxxxxxxxxxxxx>]

What could be done to support such a scenario in Eclipse? So far I've
thought about:
* rebuilding with the same qualifier - this breaks OSGi rules and even
does not work, because osgi caches old code

This just seems wrong, not only for the reasons you mentioned, but as an approach to your problem. If foo version 1.2.3.20130916 is known to have a serious security bug, creating a new 'foo' with the exact same version / qualifier won't help. It will just lead to confusion about who has the fix vs. who doesn't.

 

* p2less installations - not really an option, people must be able to
install things

Yeah, I can't see this as an option for you.

 

* on-demand profile generation - does not work because features use
hardcoded qualifiers.

And this will likely lead to other install problems down the road.

As David mentioned, I think feature patches are the 'technical' way to go. They might not scale in terms of creating them, but they should work as an install mechanism. Maybe we need to look at a better / more scalable way to create / publish them.

Cheers,

Ian

 

Is there something else I could consider?

--
Krzysztof Daniel <kdaniel@xxxxxxxxxx>
Red Hat

_______________________________________________
p2-dev mailing list
p2-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/p2-dev

--
R. Ian Bull | EclipseSource Victoria | +1 250 477 7484
http://eclipsesource.com | http://twitter.com/eclipsesource