Security Response Team / EOL

Jeff Spaleta jspaleta at gmail.com
Fri Apr 28 14:31:59 UTC 2006


On 4/28/06, Chris Ricker <kaboom at oobleck.net> wrote:
> If you're still adding new packages to maintenance mode branches, what
> makes them different from non-maintenance mode? Packagers who want to
> build new stuff for maintenance branches should do it outside the Fedora
> build infrastructure -- the whole point of maintenance mode is to reduce
> the amount of infrastructure work needed to keep Fedora going to something
> manageable with the amount of resources Fedora has.
>
> People who want new packages should upgrade. Maintenance mode is there
> only as a security / bugfix only courtesy for those who can't upgrade. We
> want to encourage upgrading as much as possible, however

Perhaps as an additional courtesy there can be scratch areas set up for
the releases in maintenance mode inside the buildsys for people to run
private builds of 'new' packages which they then publish somewhere
else. The idea being to allow people to use the extras infrastructure to
hold the specs and do the binary builds... just don't publish these new
packages as part of extras.

While I personally like the idea of making a maintenance mode devoid
of large version shifts as updates, I think it will be impossible to
effectively enforce as a policy. Unless there is an additional
mechanism put in place to review pending changes for appropriateness
(something I don't think we have the manpower to even attempt),
'discouraging people from doing it' is unimplementable beyond more
than a meme to be repeated in discussion so there really isn't
anything to be up in arms about.

To take the edge off the issue I would suggest any statement which gets
encoded as guidance to maintainers read like this:

'When working with FE releases which have entered maintenance mode,
we (FESCO) would encourage you to focus your time on using patches for
security or severe crash issues when choosing to push updates to your
packages. If you find you are in a situation where you are considering
pushing a new upstream version release as an update for a maintenance
release, please jump onto the fedora-extras-list (or maybe
fedora-maintainers-list) and start a discussion on the situation.
We (FESCO) would like to see discussion to track how often these
situations occur and to understand if there are general trends which
can be addressed through policy or infrastructure changes in the
future.'

-jef"volunteerism is not about doing whatever you want with the access
to the tools the managing organization grants you access to.
Volunteerism is about purposed action, within a set of guidelines that
you as a volunteer agree to. Organizations which do not provide strong
guidance aimed at focusing the available resources, like manhours, on
the important pre-defined goals(goals volunteers agree to work towards
but have no say in setting those goals) fail in a much more
spectacular manner than organizations which are consistently
understaffed. Under-staffed organizations with a clear purpose
continue to function and adjust the scale of their operations
accordingly. Organizations that have a lot of 'members' but no way to
manage how 'members' time is spent languish in a state where nothing
gets done. I am personally less concerned about Extras losing some
maintainers over policy restrictions, than I am about better defining
the focus to aid in long term resource management"spaleta



