reviving Fedora Legacy

Josh Boyer jwboyer at gmail.com
Wed Oct 15 12:43:48 UTC 2008


On Wed, Oct 15, 2008 at 02:13:50PM +0200, Patrice Dumas wrote:
>On Wed, Oct 15, 2008 at 07:33:17AM -0400, Josh Boyer wrote:
>> >
>> >The aim here is not to present the _appearance_ of a distro with
>> >security updates but give the choice to the user either to upgrade or to
>> >stick with a distro where some packages will not be maintained.
>> >Something along "That distro is EOL. Upgrade before you get hacked.
>> >Alternatively, and at your own risk, you can enable a repository where 
>> >some packages are updated on a volunteer basis, but some packages aren't
>> >maintained anymore."
>> >
>> >With a page listing which packages are still supported.
>> 
>> The issue you will have is that people will not be comfortable opening the
>> ACLs for things like the kernel or glibc or gcc.  And if those ACLs are still
>> closed and the maintainers have no interest in participating in this "life
>> after EOL" scheme, then it's very hard to have any appearance of security.
>
>You mean, even for branches they don't maintain anymore? That would be
>strange.

No, it really wouldn't.  If the ACLs are open for the kernel on an older branch
anyone with cvsextras (or whatever the FAS group is now called) can commit to it.
That means anyone can fsck up the kernel and break all of those users on this
EOLed release.

(And bug reports, blah blah blah.)

josh



