Security Response Team / EOL
Jesse Keating
jkeating at redhat.com
Sat Apr 29 15:54:27 UTC 2006
On Sat, 2006-04-29 at 17:42 +0200, Axel Thimm wrote:
>
> I think we're arguing on the same side. We all want to look forward
> with our packaging. And freezing upgrades on legacy releases will only
> make packagers spend more time with old stuff (backporting security
> fixes) that will then be missed with ongoing stuff. Even in the ideal
> situation of 2 current and 2 legacy releases you end up maintaining 3
> versions of a package. And right now we are still far from 2 legacy
> releases (we're at 5).
Ok, here's the source of our problem. You've assumed that security
fixes have to be backported. Nowhere is this / should this be said.
I'm perfectly fine with doing package UPgrades to fix a security issue.
I just don't want to see upgrades just for the sake of upgrades.
Upgrades should happen only to resolve a security issue.
--
Jesse Keating
Release Engineer: Fedora
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-extras-list/attachments/20060429/9e9622f6/attachment.sig>
More information about the fedora-extras-list
mailing list