Upcoming transition of FC3

Jim Popovitch jimpop at yahoo.com
Sat Oct 22 17:20:44 UTC 2005


Nils Breunese (Lemonbit Internet) wrote:
> 
> Why would anyone who has updates enabled not want legacy updates to be 
> enabled?

 From my perspective, I want to know *who* the updates are coming from. 
  In the case of Redhat updates, I know that there are ISO-9001 
procedures and policies in place as well as corporate oversight and more 
importantly corporate responsibility (from a legal point of view).  From 
FL you generally (if not universally) get good updates, however do you 
really really know what was in that last ssh update that you got?  While 
I am not so paranoid to automatically suspect everything I download, I 
am paranoid enough to try and understand the origin of what I download.

So...

   1) what server should be used as the default update server
      for out-of-the-box updates?
   2) what policies, purview, scrutiny should that/those server
      operators be put under and who will take responsibility
      for enforcing this?
   3) what legal disclaimers, and by what means, will alert
      newbies that they are no longer getting official Redhat
      updates?

Currently all three of the above issues are addressed individually by 
users who manually configure their systems.  This action is so user 
intensive (visit website, cut-copy-paste yum.conf, download and install 
yum, etc) that it isolates FL from legal responsibility.  All FL has to 
do to protect itself is not intentionally post malicious code or 
instructions.

-Jim P.





More information about the fedora-legacy-list mailing list