how to get started with helping the project [...]
Daniel Roesen
dr at cluenet.de
Thu Mar 3 21:06:30 UTC 2005
On Thu, Mar 03, 2005 at 10:50:18PM +0200, Pekka Savola wrote:
> This is still valid, unless you assume that the updates for EOL
> distributions are useless unless they are very rigorously tested under
> industry-grade circumstances.
The problem is that people who take security serious can't wait weeks
and months for security fixes to arrive from FL. And as that's (security
fixes) all FL provides...
For me, FL is only of value if I can save time by just installing FL
RPMs instead of rolling my own security updates. But at least remotely
exploitable vulnerabilities require *immediate* fix so people can't wait
weeks and months for FL to get into gear. So one has to backport or
install newer, fixed versions manually. So no time saved at all.
I'm surely NOT picking on the FL project. It's all free (as in "beer")
after all, and the intentions are very noble. But it's IMHO a fact that
current procedures (and probably lack of community manpower) lead to
unacceptable delays which renders the whole project's point somewhat
moot.
Really, don't get me wrong, and thanks to all contributors for their
commitment.
Just my 0.02 EUR.
Best regards,
Daniel
--
CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0
More information about the fedora-legacy-list
mailing list