Follow-up on Extended Life Cycle
Mike McGrath
mmcgrath at redhat.com
Tue Jul 21 14:16:25 UTC 2009
On Tue, 21 Jul 2009, Dimitris Glezos wrote:
> On Tue, Jul 21, 2009 at 5:08 PM, Bill Nottingham<notting at redhat.com> wrote:
> > Greg DeKoenigsberg (gdk at redhat.com) said:
> >>> I'm guessing that this 1 fulltime person in a security response team
> >>> role is to track, monitor, and coordinate the issues that need to be
> >>> addressed. Which in many cases is different from the devel, releng and
> >>> test aspects - necessitating much more than 1 fulltime person's worth
> >>> of work to pull off the broader initiative. Right?
> >>
> >> In the world of RHEL, this would certainly be true -- but in the world of
> >> Fedora?
> >
> > Note that also there are likely to be *more* issues to track in Fedora
> > than in RHEL; after all, Fedora is much larger.
>
> Is it necessary to go all-or-nothing, or is there a smart and simple
> way to only issue updates for a subset of Fedora's packages (eg. the
> ones that are shipped on the DVD for example)?
>
That sounds confusing to me, if I installed via DVD and install any
additional package, how am I to know whether or not my system is secure or
not?
-Mike
More information about the fedora-advisory-board
mailing list