[postgis-devel] Can we put back GEOS 3.5 support in 3.0?
Darafei "Komяpa" Praliaskouski
me at komzpa.net
Sat Feb 16 09:16:04 PST 2019
ср, 30 сту 2019, 03:06: карыстальнік Regina Obe <lr at pcorp.us> напісаў:
>
> > A worthy experiment!
> Okay you guys are all sounding like me 1 year ago and I'm sounding like
> strk and Paul 1 year ago. Pretty scary world we live in.
> Well at least Komzpa is as insane as I remember he ever was, so the crazy
> person is now our stable point of reference.
>
> Well it looks like strk has fixed gitlab -- Thanks strk :) So one less
> compelling reason to support 3.5.
> Has anyone fixed Fuzzie -- wanna fix Fuzzie?
Fixed and checked Fuzzie locally, waiting for Google or whoever maintains
oss-fuzz repo to merge.
https://github.com/google/oss-fuzz/pull/2173
I'm a bit drowned at this moment with having to learn new things so don't
> want to deal with anything that requires too much thinking for at least
> another couple of weeks.
>
>
> > On Jan 24, 2019, at 9:50 PM, Darafei Komяpa Praliaskouski <me at komzpa.net>
> wrote:
>
> > PostGIS 2.0..2.3.2 now has a CVE, let's see how quick vendors will pick
> it up:
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18359
>
> > On Thu, Jan 24, 2019 at 2:20 AM Darafei "Komяpa" Praliaskouski <
> me at komzpa.net> wrote:
> > To push libraries to get update, either:
> > - make downstream packages dependencies tighter (with each PostGIS
> release depend on current minor of GEOS);
> > - report a CVE / security bug, so that it's handled by security team
> (can become just a three-line backpatch though).
>
> > On Thu, Jan 24, 2019 at 2:14 AM Paul Ramsey <pramsey at cleverelephant.ca>
> wrote:
> > Well, there’s going to be some exciting news on the GEOS front next
> week, and hopefully it will bring everyone back to the table :) I don’t
> know how to break the packaging logjam though, as
> > there’s something about system libraries that defies makes everyone “go
> slow”. Which isn’t really fair, since we’ve done everything necessary to
> make things easy: the ABI never changes, there’s > never a reason to not
> just dump the latest GEOS into place. What can we do to convince packagers
> we are sincere?
>
> > P
>
> Sadly the only thing you can do is do micro updates like when 4.0 comes
> out let's just keep implementing the micro 4.1, 4.
> That might serve to piss packagers more though than help confusing them as
> to what stable vs. feature enhancement is which means they'll think you are
> crazy and just won't ship you.
>
> The problem is the more dependable you are the more people want to depend
> on you. The more people depend on you, the more people want to build there
> things on top of you. The more people want to build things ontop of you -
> you are now a system library too dangerous to touch because you are
> the big turtle and changing the big turtle can break the other turtles all
> the way down to the smallest turtle.
>
>
> Thanks,
> Regina
>
> _______________________________________________
> postgis-devel mailing list
> postgis-devel at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/postgis-devel
--
Darafei Praliaskouski
Support me: http://patreon.com/komzpa
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/postgis-devel/attachments/20190216/9ee4d281/attachment.html>
More information about the postgis-devel
mailing list