Follow-up on Extended Life Cycle

Dimitris Glezos dimitris at glezos.com
Tue Jul 21 15:14:43 UTC 2009


On Tue, Jul 21, 2009 at 5:16 PM, Mike McGrath<mmcgrath at redhat.com> wrote:
> On Tue, 21 Jul 2009, Dimitris Glezos wrote:
>
>> On Tue, Jul 21, 2009 at 5:08 PM, Bill Nottingham<notting at redhat.com> wrote:
>> > Greg DeKoenigsberg (gdk at redhat.com) said:
>> >>> I'm guessing that this 1 fulltime person in a security response team
>> >>> role is to track, monitor, and coordinate the issues that need to be
>> >>> addressed. Which in many cases is different from the devel, releng and
>> >>> test aspects - necessitating much more than 1 fulltime person's worth
>> >>> of work to pull off the broader initiative.  Right?
>> >>
>> >> In the world of RHEL, this would certainly be true -- but in the world of
>> >> Fedora?
>> >
>> > Note that also there are likely to be *more* issues to track in Fedora
>> > than in RHEL; after all, Fedora is much larger.
>>
>> Is it necessary to go all-or-nothing, or is there a smart and simple
>> way to only issue updates for a subset of Fedora's packages (e.g. the
>> ones that are shipped on the DVD for example)?
>>
>
> That sounds confusing to me, if I installed via DVD and install any
> additional package, how am I to know whether or not my system is secure or
> not?

This is definitely something that needs some thinking. Maybe a
notification to the user that, past this date, the following packages
you have installed do not automatically receive security updates?

This would be useful as a vanilla Fedora feature too, complementing
our EOL fedora-announce email.

-d


-- 
Dimitris Glezos

Transifex: The Multilingual Publishing Revolution
http://www.transifex.net/ -- http://www.indifex.com/




More information about the fedora-advisory-board mailing list