Follow-up on Extended Life Cycle

Paul W. Frields stickster at gmail.com
Tue Jul 21 12:58:18 UTC 2009


On Tue, Jul 21, 2009 at 08:38:11AM -0400, Greg DeKoenigsberg wrote:
> On Tue, 21 Jul 2009, Tim Burke wrote:
>
>> Jesse Keating wrote:
>>> On Mon, 2009-07-20 at 21:18 -0400, Paul W. Frields wrote:
>>>
>>>> It has
>>>> been something like 4 years since the Fedora Legacy project ended, and
>>>> if you have a sizable labor pool you can eliminate one of the main
>>>> reasons that happened. 
>>>
>>> Note, to maintain Critical Security updates, which is essentially what
>>> RHEL does once a RHEL release reaches its maintenance mode, RH Security
>>> team estimates that a single full time person can handle the work load.
>>> This is a sizable pool when compared to what Fedora Legacy worked with,
>>> and Legacy's target was much more broad, and the infrastructure much
>>> less helpful.
>>>
>>>
>> I'm guessing that this 1 fulltime person in a security response team 
>> role is to track, monitor, and coordinate the issues that need to be 
>> addressed. Which in many cases is different from the devel, releng and 
>> test aspects - necessitating much more than 1 fulltime person's worth of 
>> work to pull off the broader initiative.  Right?
>
> In the world of RHEL, this would certainly be true -- but in the world of  
> Fedora?
>
> What QA/releng work is required to push updates into Fedora currently,  
> after the initial distro has been pushed out?  I'm pretty sure it's not  
> much; we just use bodhi to coordinate +1s to packages in the updates  
> testing repo, and that's about the extent of it.  This process would not  
> change.

That's pretty much the size of it.  The package maintainer shoulders a
big part of the burden, and then co-opts the work of other intrepid
volunteers to test the packages and get the bodhi karma needed for an
update push.  I'd assume the latter step doesn't really change for
this effort, since it doesn't have to.  But many of the current
package maintainers are not involved in this effort, so exactly who is
taking over the former work, and how it proceeds in an organized
fashion, are important questions that must be answered.

-- 
Paul W. Frields                                http://paul.frields.org/
  gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233  5906 ACDB C937 BD11 3717
  http://redhat.com/   -  -  -  -   http://pfrields.fedorapeople.org/
  irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug




More information about the fedora-advisory-board mailing list