You Need Fedora Legacy!! Re: [fab] looking at our current state a bit

Rahul Sundaram sundaram at fedoraproject.org
Tue Nov 7 23:10:50 UTC 2006


Axel Thimm wrote:
> On Tue, Nov 07, 2006 at 11:46:37PM +0530, Rahul Sundaram wrote:
>> Unifying and opening up more of the infrastructure and other ideas like 
>> that only doing critical security fixes are things to look at.
> 
> But FL's charter is already to only cater about security fixes, or do
> you imply to categorize them and allow some to slip? E.g. allow local
> privilege escalation, but fix remote exploits?
> 
> I don't think that's a good FL manifesto. Allowing non-critical
> security issues to exist will only harm the project's front to the
> public more.

Not really. It is better than not pushing updates at all. See 
https://www.redhat.com/archives/fedora-security-list/2006-October/msg00006.html


> The issue is also not the infrastructure IMO, it's simply lack of human
> resources and either someone needs to assign them to it if that entity
> (Red Hat/board/whatever) considers that a worthy goal, or the
> resources need to come from more voluntary people, e.g. FL needs a
> marketing manager.

Lack of human resources is also a result of a higher barrier to entry. New 
people need to be able to contribute easily. Existing contributors in 
other sub projects like extras need to be able to do that. Unifying 
infrastructure and automating more of the tasks helps in both ways.


> Or the need for resources is cut by reducing the number and time span
> of supported releases

Just as reducing time span is an option, classification of 
vulnerabilities and working on critical ones after a time span is also an 
option that needs to be considered.

Rahul



