Security Response Team / EOL
Ed Hill
ed at eh3.com
Fri Apr 28 15:46:14 UTC 2006
On Fri, 2006-04-28 at 14:22 +0200, Thorsten Leemhuis wrote:
> Am Freitag, den 28.04.2006, 13:43 +0200 schrieb Patrice Dumas:
> > > Doing both (e.g. 50% of the packagers update their packages to new
> > > versions, the other 50% only fix bugs) is IMHO the worst we can do. If
> > Why? [...]
>
> People from the outside look at Fedora Extras as a single entity. And
> therefor we IMHO should maintain a consistent look-and-feel to
> outsiders.
The above is (IMHO) a important point that Patrice and others (again,
IMHO) are either missing or choosing to ignore. There are a few
thousand packages in FE and the number is growing (yea!!!) every week.
No one -- *especially* users -- is going to have the time to determine
which packages are being updated and which aren't. We ought (again,
IMHO) to strive for some consistency.
Expectations are a difficult enough thing to communicate. We don't and
IMHO shouldn't try to make it any harder to understand.
> > > > I completly disagree with that. If a user don't want new packages that
> > > > entered extras while in maintainance state he shouldn't install new
> > > > packages. In my opinion the maintainer could be able to add new packages
> > > > for distributions in maintainance state, if he is confident that he
> > > > will maintain it. [...]
> > > I can live with that if others agree with it. But there were some people
> > > in FESCo that don't like this idea.
> > Why? [...]
IMHO, a "maintenance mode" should have no new packages and should be a
"cooling off" period that leads to a clear-cut EOL. In my mind, "EOL"
means _dead_ -- the release has been honorably laid to rest. And thats
a _good_ thing! I want to be free of bug reports from old versions. I
want to be free to ignore them and focus my limited volunteer time on
the present and future releases.
"That release has reached EOL -- please see if the problem exists
in current releases."
The above should be a perfectly acceptable way to close bz tickets. And
end users shouldn't be then arguing that some other ${XYZ} package is
being updated on ${EOLed_RELEASE} and that therefor my packages should
also be upgraded because there is some new problem or interaction or
inconsistency...
Ed
--
Edward H. Hill III, PhD
office: MIT Dept. of EAPS; Rm 54-1424; 77 Massachusetts Ave.
Cambridge, MA 02139-4307
emails: eh3 at mit.edu ed at eh3.com
URLs: http://web.mit.edu/eh3/ http://eh3.com/
phone: 617-253-0098
fax: 617-253-4464
More information about the fedora-extras-list
mailing list