a plan for updates after end of life
Patrice Dumas
pertusus at free.fr
Mon Feb 11 21:50:02 UTC 2008
On Mon, Feb 11, 2008 at 06:31:29PM -0300, Horst H. von Brand wrote:
>
> > The number of package is (almost) never a good metric. Indeed some
> > packages are quite hard to maintain (the kernel for example) while
> > others are easy to maintain, either because they are simple. Also some
> > packages may be kept synchronized with a fedora version. The kernel may
> > not be that hard to maintain, in the end, if the kernel of a stable
> > fedora release can be used as soon as a security issue is found.
>
> And how do you propose to measure that? AFAIU, that hasn't been determined
> for Fedora now. And an older package means more work backporting fixes.
I am not the one in search of a metric. I think that no metric make
sense, other than having a packager willing to maintain, and processes
to force a packager to orphan when he doesn't do his job.
> > But, first, we should do that in fedora proper before, and second I
> > don't thinkt hat the result will be much more reliable.
>
> Right. But as was said, Fedora has its own regulation: It times out at
> EOL. Developers/package maintainers plan for that and move on.
Packages may still be carried over to the next release. And once again
the y are unmaintained, the fact that it is for a given length of time
doesn't make it better.
> What is the use of a Fedora 8 after EOL if any packages with significant
> problems are simply taken from later Fedoras?
If it make sense, indeed. But not every package suffer from security
bugs. (as a side note, it is not Fedora 8 after EOL, it is UEAL).
> I for one wouldn't trust
> such a chimaera, I'd prefer just taking the later version of the
> distribution in that case.
Do what you want, nobody forces you to use UAEL.
> The whole point of a distribution for me is that
> it gives me a coherent set of packages that "somebody" has checked that
> they work well together.
The whole point of my proposal wes to have a set of packages that work
together well by selecting packages based on having a maintainer.
But maybe I don't understand what you mean.
In any case I have retired the project. I don't want to support
a project where metrics are needed because packagers are not trusted.
--
Pat
More information about the fedora-devel-list
mailing list