a plan for updates after end of life

[Horst H. von Brand]

Patrice Dumas <pertusus at free.fr> wrote:
> On Sun, Feb 10, 2008 at 01:32:50PM -0900, Jeff Spaleta wrote:
> > On Feb 10, 2008 11:30 AM, Patrice Dumas <pertusus at free.fr> wrote:
> > > It is not something that can be easily done. The metric which makes the
> > > most sense to me today is: has somebody brought an issue with the
> > > maintainer work toward the relevant commitee (in that case I guess it
> > > would be the UAEL SIG) and the commitee decided to orphan the package.
> > > Just like in Fedora. Agreed it is not a perfect process, but there is no
> > > reason to have a better one for UAEL.

> > What about we also put a branch expiration latch on the ratio of
> > maintainers to packages that must be maintained as part of UAEL?

> The number of package is (almost) never a good metric. Indeed some
> packages are quite hard to maintain (the kernel for example) while
> others are easy to maintain, either because they are simple. Also some
> packages may be kept synchronized with a fedora version. The kernel may 
> not be that hard to maintain, in the end, if the kernel of a stable 
> fedora release can be used as soon as a security issue is found.

And how do you propose to measure that? AFAIU, that hasn't been determined
for Fedora now. And an older package means more work backporting fixes.

> > Require the number of total number of maintainers to packages in UAEL
> > to be above some reasonable bar. And additionally require that each
> > maintainer of a 'core' UAEL package keep their load with respect to
> > UAEL below a certain number of packages.

> That looks like a possible idea. What we could do is ask the maintainer
> for the time he has to devote to UAEL,

Who guarantees that nobody has delusions about the time available to them?

>                                        and assign weights to packages 
> based on their complexity and easyness to update following fedora 
> packages. 

Who does the weighting?

> But, first, we should do that in fedora proper before, and second I
> don't thinkt hat the result will be much more reliable.

Right. But as was said, Fedora has its own regulation: It times out at
EOL. Developers/package maintainers plan for that and move on.

> > The goal would be to minimize a situation where a small number of
> > people are being overwhelmed and getting into a situation where things
> > a spread too thin for a long period of time after initial interest in
> > the branch as dropped.

> Once again it is the same in fedora. There is an obvious difference,
> there can be more branches in UAEL, but more branch doesn't necessarily
> mean more work, if they can be kept synchronized when security issues
> are discovered (and it is more or less the plan for UAEL).

What is the use of a Fedora 8 after EOL if any packages with significant
problems are simply taken from later Fedoras?  I for one wouldn't trust
such a chimaera, I'd prefer just taking the later version of the
distribution in that case. The whole point of a distribution for me is that
it gives me a coherent set of packages that "somebody" has checked that
they work well together.
-- 
Dr. Horst H. von Brand                   User #22616 counter.li.org
Departamento de Informatica                    Fono: +56 32 2654431
Universidad Tecnica Federico Santa Maria             +56 32 2654239
Casilla 110-V, Valparaiso, Chile               Fax:  +56 32 2797513