Security Response Team / EOL
pertusus at free.fr
Sat Apr 29 15:28:24 UTC 2006
> The planning reliability for those who would maintain the legacy branches
> in replacement of original package owners. Assume we [the FE project]
> transferred the FE3 branch into maintenance state tomorrow, because the
> newly formed security response team had announced that they wanted to
> tackle the problem of keeping FE3 secure as long as FC3 is maintained by
> Fedora Legacy. Do we want to keep the gates wide open and permit arbitrary
> contributors to fill FE3 with new packages which make FE3 grow and may
> need to be fixed by the security team sooner or later? I think we don't
> want that.
I can't see how it is different for current releases. Exactly the same
applies for current releases (I substituted FE3 by FE4/FE5...):

"Do we want to keep the gates wide open and permit arbitrary contributors
to fill FE4/FE5 with new packages which make FE4/FE5 grow and may need to be
fixed by the security team sooner or later?"

A package added in FE4/FE5 will have to be maintained much longer than a
package added in FE3. And in my opinion it is better to have a package added
to the FE3 branch by a contributor really willing to maintain that branch
than a package added to FE4/FE5 by a contributor who doesn't really want to
take care of that package in the long term.