FC6: reducing size, moving packages out to fedora extras, security?

Axel Thimm Axel.Thimm at ATrpms.net
Mon Mar 20 23:12:09 UTC 2006


On Mon, Mar 20, 2006 at 05:29:16PM -0500, Mike A. Harris wrote:
> IMHO, moving more and more stuff out of Core and into Extras is an
> overall good idea, so long as the infrastructure is present in
> _advance_ to make it easy to install the stuff that has moved to
> Extras, both at OS install time and later, and without requiring
> mandatory network access.  i.e.:  Fedora Extras on CD, kind of like
> powertools was before, but with anaconda support for that.

I think this is already the plan for FC6 and the timeframe looks right
to get these parts done.

But I hope one thing doesn't get lost in this transition: Mark Cox and
his team have been checking RHEL and FC only until now (or has this
changed?). So currently I know the software on the 5 CDs has been
checked against CVEs rigorously and the security team has taken
appropriate measures.

I think this kind of security infrastructure is needed for moving
these targeted 2/3 of Fedora Core to Fedora Extras. I'm afraid that
simply assigning all of Fedora Extras to be checked as good as Fedora
Core has been means more human resources which may not be
available. So I see three scenarios:

o packages moved to Fedora Extras are not being checked by Mark Cox
  and friends anymore

o Mark Cox gets a lot more coworkers to be able to deal with all
  packages in Fedora Core and Fedora Extras

o Fedora Extras is split security-wise into 1st class and 2nd class
  citizens.

From a user's POV I'd wish the second scenario would happen.
-- 
Axel.Thimm at ATrpms.net