Fedora Extras 3

Mon May 22 14:28:41 UTC 2006

Am Montag, den 22.05.2006, 08:40 -0500 schrieb Jason L Tibbitts III:
> >>>>> "DG" == Dennis Gilmore <dennis at ausil.us> writes:
> DG> We have under a month to get FE3 up to scratch or support will be
> DG> turned off.
> Something sounds wrong with this.

Slightly.

>   I mean, FE3 has all sorts of
> problems including unfixable broken dependencies 

Is it that bad?

> and somehow it's up
> to us to meet some deadline for fixing problems there?

No! Only those that are interested it it. (see below)

> Not that there's anything wrong with fixing security issues in FE3,
> but I don't understand why the onus is put entirely on us.

The concept was round about this:

Security Team starts working. It should track the current releases (e.g.
FE4 and FE5) (no that was never written down anywhere -- that was
probably obvious). 

There were people (dgilmore, probably others) that wanted to keep FE3
alive. Some other people didn't like the idea, but we sort of had a
compromise: If the security team (or only parts of it, e.g. dgilmore,
others) track FE3 probably and fix open issues in an acceptable amount
of time (e.g they get the package maintainers to fix their packages or
someone else like dgilmore and/or the security team fixes it) then we
leave FE3 open in "Maintenance state".

This was the proposal we agreed on (the last para is the important one
for this discussion):

> === EOL.
> 
> When a Fedora Core release reaches Maintenance state (such as Fedora
> Core 3 reached when Fedora Core 5 Test 2 was released), the
> corresponding release of Fedora Extras will also enter a Maintenance
> state. In this state maintainers will be allowed to issue updates to
> existing packages, but Maintainers are strongly urged to only issue
> severe bugfix or security fixes. New software versions should be avoided
> except when necessary for resolving issues with the the current version.
> 
> Branches for new packages in CVS are not created for Distributions
> that are in Maintenance state. FESCo can approve exceptions of this rule
> if there are good reasons for it. The official package maintainers are
> urged to fix their packages also for Distributions that are in
> Maintenance state. They should work hand in hand with the "Security
> Response Team" in case they don't have access to older
> distros anymore to test their updates. 
> 
> When the Fedora Project drops support for a Fedora Core release the
> corresponding Fedora Extras is also dropped -- read this as
> "End-of-life, no new updates,support for that EOL distro will be removed
> from the Extras buildsys". 
> 
> The EOL Policy depends on the creation and a working Security Response
> Team and especially the part of it that "will lend assistance as needed"
> if the maintainer is unable to fix the package -- if that group does not
> start working properly until June 15 2006 we'll send out a EOL for
> Fedora Extras 3 -- means: "Packagers can still update things in cvs and
> build updates for now, but the official state of Fedora Extras 3 is
> 'unsupported and End of Life'". In that case we'll try to improve for
>FE4 and later.

Hope that clarifies some things. 

CU
thl
-- 
Thorsten Leemhuis <fedora at leemhuis.info>