jmarsden wrote:
That's part of being an independent distribution, it seems to me. Puppy's small size keeps it more manageable (300+ packages) than larger distributions with thousands of packages. Thirty or so developers maintaining an average of ten packages each is all it will take, and some packages are very small and simple indeed.
How many security patches for binutils and gcc have been released in the last couple of years that were significant enough to force major distributions to issue updated packages between releases? How many for coreutils or diffutils or bash or find for that matter? I suspect the answer is either "none" or "very few"! Which means that the burden of maintaining Puppy source packages for those kinds of things is likely to be fairly low. System libs like glibc are, of course, going to take more work to maintain. One really 'interesting' one to maintain from a security perspective may be Xorg, since AFAIK it is not designed to be run as root, but Puppy runs it as root... but let's not discuss that right now!
Guest (really cncuser) wrote:
I really don't see how this could come true. I think that if we don't use a "stronger base" it's very likely that this will never happen even if it were just 300 packages. I don't even see enough people here for maintaining the gnubase (glibc, binutils, gcc..)
Right now, Puppy uses fairly old versions of many packages and has no established security update team, nor a mechanism for distributing such updates to users. It seems to me that using more current sources and then working towards having assigned package maintainers is a step forward for Puppy. We won't know whether it is doable until we try it. Even if we end up with only 5 people doing all the package maintenance, that is probably still a useful improvement in scalability and long term viability compared to Barry doing everything himself!
Jonathan