Re: Security Response Team / EOL
- From: Ralf Corsepius <rc040203 freenet de>
- To: Discussion related to Fedora Extras <fedora-extras-list redhat com>
- Subject: Re: Security Response Team / EOL
- Date: Fri, 28 Apr 2006 14:29:49 +0200
On Fri, 2006-04-28 at 14:12 +0200, Michael Schwendt wrote:
> On Fri, 28 Apr 2006 12:50:27 +0200, Thorsten Leemhuis wrote:
>
> > Am Freitag, den 28.04.2006, 12:20 +0200 schrieb Patrice Dumas:
> We do agree that package maintainers may abandon their packages for legacy
> branches, don't we? A marker-file in CVS is easy to do, an unimportant
> implementation detail. A security response team (or co-maintainers,
> whatever, it doesn't matter) would need to take over those packages.

Well, security affects all packages, and "security leaks" are very
likely to affect all available versions.

Therefore, I disagree upon this "strong ownership assignment" in your
sentences and can't find it useful. But I don't disagree upon a
"security task force intervening/modifying a package", regardless of
whether a package is in current or in legacy, no matter if it's orphaned
or actively maintained, nor whether a packager is on vacation or
suffering from a broken email access.

Otherwise we are very likely to see a "Security task force" or "legacy
team" fixing bugs in legacy, that will stay open for some time in
"current".

Or to put it differently: I think you are mixing 2 completely
independent issues:

* Regular maintenance of "legacy" packages the "nominal maintainer" in
  current has abandoned to actively maintain.
* Security response.

Ralf