Re: Security Response Team / EOL

[Patrice Dumas <pertusus free fr>]

> The planning reliability for those who would maintain the legacy branches
> in replacement of original package owners. Assume we [the FE project]
> transferred the FE3 branch into maintenance state tomorrow, because the
> newly formed security response team had had announced that they wanted to
> tackle the problem of keeping FE3 secure as long as FC3 is maintained by
> Fedora Legacy. Do we want to keep the gates wide open and permit arbitrary
> contributors to fill FE3 with new packages which make FE3 grow and may
> need to be fixed by the security team sooner or later? I think we don't
> want that. 

I can't see how it is different for current releases. The same exactly 
applies for current releases (I substituted FE3 by FE4/FE5...):

"Do we want to keep the gates wide open and permit arbitrary to fill FE4/FE5
with new packages which make FE4/FE5 grow and may need to be fixed by the 
security team sooner or later?"

A package added in FE4/FE5 will have to be maintained much longer than a 
package added in FE3. And in my opinion it is better to have a package added
to the FE3 branche by a contributor really willing to maintain that branch 
than a package added to FE4/FE5 by a contributor that don't want to really 
take care of that package in the long term.

--
Pat