reviving Fedora Legacy

Josh Boyer jwboyer at gmail.com
Wed Oct 15 11:33:17 UTC 2008


On Wed, Oct 15, 2008 at 09:42:28AM +0200, Patrice Dumas wrote:
>On Wed, Oct 15, 2008 at 08:36:05AM +0100, David Woodhouse wrote:
>> 
>> If we present the _appearance_ of a distro with security updates, while
>> in fact there are serious security issues being unfixed, then that is
>> _much_ worse than the current "That distro is EOL. Upgrade before you
>> get hacked" messaging.
>
>The aim here is not to present the _appearance_ of a distro with
>security updates but give the choice to the user either to upgrade or to
>stick with a distro where some packages will not be maintained.
>Something along "That distro is EOL. Upgrade before you get hacked.
>Alternatively, and at your own risk, you can enable a repository where 
>some packages are updated on a volunteer basis, but some packages aren't
>maintained anymore."
>
>With a page listing which packages are still supported.

The issue you will have is that people will not be comfortable opening the
ACLs for things like the kernel or glibc or gcc.  And if those ACLs are still
closed and the maintainers have no interest in participating in this "life
after EOL" scheme, then it's very hard to have any appearance of security.

josh




More information about the fedora-devel-list mailing list