We are evaluating building packages from Fedora Extras for RHEL

[Steven Pritchard]

On Sun, Sep 10, 2006 at 09:42:44AM +0200, Thorsten Leemhuis wrote:
>  * It's important for several FESCo-Members that we use the Fedora
> Extras infrastructure as much as possible

Anything other than just another branch in CVS is going to be a pain
to maintain, IMHO.

> We don't have a proper name for this effort yet. The "codename" until
> now was Enterprise Extras (EE) (it is used in this document in several
> places due to the lack of a better one), but we are currently evaluating
> other names. There were several suggestions:
> 
>  * Fedora Extras (e.g. no special name)

That would be my vote.

> As you all probably know, RHEL and CentOS are supported for round about
> seven years normally and thus we need to make sure that the packages we
> build for these Enterprise Distributions are supported for the same time
> frame. "Supported" in this context means that security problems need to
> be fixed in a timely manner after they were published. This normally
> will be the maintainers job, but a security SIG -- either a special "EE
> Security SIG" or the normal one we already have -- should watch the
> maintainers and kick them if they missed something. The SIG also should
> act as a fall back and step in to fix stuff if the maintainer doesn't --
> but they can't fix each and every security problem alone so it only
> needs to be a fall back.

This would be one of those places where it would be nice if we could
have a different maintainer for every branch of a package.  There are
a few things I probably wouldn't want to spend much time on for RHEL
(games and things like that), but someone out there might.

> Closely related is the updates scheme EE should use -- do we use the FE
> "rolling release" approach?

My vote would be yes.

> Or do we want to try a mix like "Updated packages in EE are allowed
> (Rolling Release), but they normally should be build and published a
> certain time frame in the repositories for FE first before they are
> published for EE"?

I wouldn't really want that to be a hard rule (since someone might
want to push a security fix to every branch at the same time), but I
think it would be a common-sense rule of thumb.

I probably should note that *right now* I personally have no interest
in RHEL/CentOS/etc. since I have no clients running it (mostly due to
the lack of official Extras).  That's going to change soon ($client
needs to run an app that is only supported on RHEL), so this is coming
up at a very convenient time for me.  :-)

Steve
-- 
Steven Pritchard - K&S Pritchard Enterprises, Inc.
Email: steve at kspei.com             http://www.kspei.com/
Phone: (618)398-3000               Mobile: (618)567-7320