Follow-up on Extended Life Cycle
Jesse Keating
jkeating at redhat.com
Tue Jul 21 17:05:28 UTC 2009
On Tue, 2009-07-21 at 12:31 -0400, Paul W. Frields wrote:
> On Tue, Jul 21, 2009 at 09:20:20AM -0700, Jesse Keating wrote:
> > On Tue, 2009-07-21 at 17:14 +0300, Dimitris Glezos wrote:
> > >
> > > Is it necessary to go all-or-nothing,
> >
> > In my opinion yes. What's on the DVD vs not is largely arbitrary, and
> > really doesn't mean anything to a user 13 months after they've done the
> > install.
> >
> > Again take a look at the security definitions of what Critical means,
> > and apply that to the package sets within Fedora. It's not going to be
> > as many updates as people seem to think.
>
> I didn't think it was a foregone conclusion that this was limited to
> "Critical" security issues. That's certainly not listed in the wiki
> page either, and Jeroen asked us for input on what level of security
> fixes would be appropriate. Doesn't that number increase as one
> widens that net to include Important and Moderate severity?
>
Right, sorry, it was my suggestion that they start with Critical, and if
the project is successful widen the net to Important and Moderate.
Adding those two in definitely increases the load, not by a small amount
either, which is why I think it would be inappropriate to shoot for that
goal from the beginning, or rather to hold their effort accountable to
that level from the beginning.
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-advisory-board/attachments/20090721/b8d620b2/attachment.sig>
More information about the fedora-advisory-board
mailing list