Feature proposal: Extended Life Cycle Support

Michael Schwendt mschwendt at gmail.com
Tue Jul 7 09:45:32 UTC 2009


On Tue, 07 Jul 2009 00:18:51 +0200, Kevin wrote:

> Josh Boyer wrote:
> > Fedora Legacy (the original one) failed.
> 
> It failed because of excess bureaucracy (they didn't even trust Bugzilla's 
> authentication, requiring GPG signing of all Bugzilla comments with impact 
> on the procedures, and QA requirements were also unrealistic given the 
> manpower).

The manpower bottleneck affected it in two different areas. From the
beginning, the leadership failed to meet the requirements of the tiny
base of people who actually prepared updates. The limited infrastructure
made the manpower bottleneck worse, because only a very few people were
permitted to rpmbuild/mach official update packages.

Not enough people to cover all packages, which suffered from
vulnerabilities. Not enough people to become a Fedora Legacy package
"owner" or "maintainer", who would also watch bugzilla for example.
Not enough people with interest in those packages, not even in testing
updates. It quickly became evident that a growing number of packages would
remain vulnerable (or otherwise broken by a critical bug), because nobody
wanted to take care of them.
No inheritance of fedora.us' web of trust either. Even somebody who
copied and verified a patch from RHEL couldn't move forward, because no
second person acknowledged the pending updates in bugzilla.
The old QA checklist was very short compared with Fedora's current
guidelines -- still it had its enemies, especially those who would rather
botch up a src.rpm and dump it into some /incoming place where others
would need to pick it up and turn it into an official Fedora Legacy update.
No quick leadership decisions to alter the policies and procedures.



