Security Response Team / EOL

Axel Thimm Axel.Thimm at
Sat Apr 29 16:02:25 UTC 2006

On Sat, Apr 29, 2006 at 11:54:27AM -0400, Jesse Keating wrote:
> On Sat, 2006-04-29 at 17:42 +0200, Axel Thimm wrote:
> > I think we're arguing on the same side. We all want to look
> > forward with our packaging. And freezing upgrades on legacy
> > releases will only make packagers spend more time with old stuff
> > (backporting security fixes) that will then be missed with ongoing
> > stuff. Even in the ideal situation of 2 current and 2 legacy
> > releases you end up maintaining 3 versions of a package. And right
> > now we are still far from 2 legacy releases (we're at 5).
> Ok, here's the source of our problem.  You've assumed that security
> fixes have to be backported.  Nowhere is this / should this be said.

Well, it was suggested on this thread and wasn't outruled (yet).

> I'm perfectly fine with doing package UPgrades to fix a security
> issue.  I just don't want to see upgrades just for the sake of
> upgrades.  Upgrades should happen only to resolve a security issue.
Axel.Thimm at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <>

More information about the fedora-extras-list mailing list