Follow-up on Extended Life Cycle

Greg DeKoenigsberg gdk at redhat.com
Tue Jul 21 12:38:11 UTC 2009


On Tue, 21 Jul 2009, Tim Burke wrote:

> Jesse Keating wrote:
>> On Mon, 2009-07-20 at 21:18 -0400, Paul W. Frields wrote:
>> 
>>> It has
>>> been something like 4 years since the Fedora Legacy project ended, and
>>> if you have a sizable labor pool you can eliminate one of the main
>>> reasons that happened. 
>> 
>> Note, to maintain Critical Security updates, which is essentially what
>> RHEL does once a RHEL release reaches its maintenance mode, RH Security
>> team estimates that a single full time person can handle the work load.
>> This is a sizable pool when compared to what Fedora Legacy worked with,
>> and Legacy's target was much more broad, and the infrastructure much
>> less helpful.
>>
>> 
> I'm guessing that this 1 full-time person in a security response team role is 
> to track, monitor, and coordinate the issues that need to be addressed. Which 
> in many cases is different from the devel, releng and test aspects - 
> necessitating much more than 1 full-time person's worth of work to pull off 
> the broader initiative.  Right?

In the world of RHEL, this would certainly be true -- but in the world of 
Fedora?

What QA/releng work is required to push updates into Fedora currently, 
after the initial distro has been pushed out?  I'm pretty sure it's not 
much; we just use bodhi to coordinate +1s to packages in the updates 
testing repo, and that's about the extent of it.  This process would not 
change.

--g

--
Computer Science professors should be teaching open source.
Help make it happen.   Visit http://teachingopensource.org.




More information about the fedora-advisory-board mailing list