[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Follow-up on Extended Life Cycle



On Tue, Jul 21, 2009 at 5:16 PM, Mike McGrath<mmcgrath redhat com> wrote:
> On Tue, 21 Jul 2009, Dimitris Glezos wrote:
>
>> On Tue, Jul 21, 2009 at 5:08 PM, Bill Nottingham<notting redhat com> wrote:
>> > Greg DeKoenigsberg (gdk redhat com) said:
>> >>> I'm guessing that this 1 fulltime person in a security response team
>> >>> role is to track, monitor, and coordinate the issues that need to be
>> >>> addressed. Which in many cases is different from the devel, releng and
>> >>> test aspects - necessitating much more than 1 fulltime person's worth
>> >>> of work to pull off the broader initiative.  Right?
>> >>
>> >> In the world of RHEL, this would certainly be true -- but in the world of
>> >> Fedora?
>> >
>> > Note that also there are likely to be *more* issues to track in Fedora
>> > than in RHEL; after all, Fedora is much larger.
>>
>> Is it necessary to go all-or-nothing, or is there a smart and simple
>> way to only issue updates for a subset of Fedora's packages (eg. the
>> ones that are shipped on the DVD for example)?
>>
>
> That sounds confusing to me, if I installed via DVD and install any
> additional package, how am I to know whether or not my system is secure or
> not?

This is definitely something that needs some thinking. Maybe a
notification to the user that, past this date, the following packages
you have installed do not automatically receive security updates?

This would be useful as a vanilla Fedora feature too, complimenting
our EOL fedora-announce email.

-d


-- 
Dimitris Glezos

Transifex: The Multilingual Publishing Revolution
http://www.transifex.net/ -- http://www.indifex.com/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]