Re: Updates Politics Proposal

[Eric Rostetter <rostetter mail utexas edu>]

Quoting Matthew Miller <mattdm mattdm org>:

> > See the FAQ.  The very first FAQ entry ever created addresses the issue
> > of what we support.
> 
> Yeah. I guess specifically, given the limited resources we have (for
> example, I have 0 spare time -- *sigh*), I've been reading "In order to
> publish security updates in a timely manner, security updates have a higher
> priority than any other updates" extremely strictly.

Yes, that is true.  That is why Jesse suggested putting the e100 fix into
the next kernel security update, rather than making it an update on its
own, basically.

So, yes, we want to fix non-security bugs, but our first duty is to security
bugs.  We can't delay an important security fix for a non-security fix.  But
we can't just say "we won't fix anything but security fixes", time allowing.

I think it is the "time allowing" part that is throwing people off track.
But I think all bugs need to be prioritized by how much impact they have
(their severity, implications, how many people they affect, etc).  There
isn't a simple formula for such things though.

-- 
Eric Rostetter