[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: kernel 2.6.16-1.2107_FC5 breaks graphical boot (and cups and httpd)



On Fri, 2006-05-05 at 08:21 +0530, Rahul Sundaram wrote:
> On Fri, 2006-05-05 at 02:51 +0300, Gilboa Davara wrote:
> 
> > Jeremy,
> > 
> > I'm not trying to point fingers and/or throw mud.
> > My question is, will it be possible to find a mid-route, which combines
> > the shortest possible vulnerability period with a minimal risk of having
> > DOA machines? You'd agree that having 1000s of DOA machines doesn't
> > really sit well with Fedora's mission statement... 
> > (Though, in Dave's defense, a machine that doesn't boot is a machine
> > which cannot be compromised ;))
> 
> What do you think is the "mid-route" for time critical security fixes? 
> 
> Rahul
> 

A couple of options:
* Setup security-update-testing repo; recruit a small group of users to
do basic sanity checks on each make-or-break release. This group should
have: A. enough time on their hands. B. be available to check update on
the short notice. 
* Setup a sanity check farm at RH QA. Do automated sanity checks before
pushing them into -updates.

And my favorite:
Setup a security-update-testing repo, pushing only urgent security
upgrade into this repo. Post a message in fedora-users, fedora-packages
and/or fedora-news message every-time a new urgent upgrade is available.
People which are effected by the security advisory will have the choice
to use this repo, risking crash/burn/what-ever while people which are
not effected by the advisory (in most cases, home users, workstations)
will be able to sit it out till it get tested and pushed to -updates.
By splitting updates-testing in half, you can selectively decide on
which edge of the blade you're willing to live.

Gilboa


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]