Again: EOL Policy for Fedora Extras

Thorsten Leemhuis fedora at leemhuis.info
Sat Feb 18 20:43:07 UTC 2006 

Am Samstag, den 18.02.2006, 20:59 +0100 schrieb Michael Schwendt:
> On Sat, 18 Feb 2006 19:30:14 +0100, Thorsten Leemhuis wrote:
> 
> > We still have no defined EOL Policy for Fedora Extras -- there were some
> > ideas and concepts floating around, but no real policy came out of it so
> > far. I'd really like to get this solved somehow soon. That's why I'm
> > writing this mail. 
> 
> Long mail, short story: Do we agree on common goals with regard to FE?

Well, we're a lot of packagers now and in such a large group the goals
that people have will always be a bit ^w^w different. 

> I'm not sure we do. Instead of discussing EOL policy bottom-up for FE3,
> how about we discuss in general _what_ we at Fedora Extras _try_ to offer?

Feel free to start a detailed discussion. I wrote enough long mails
already today ;-) I'll see what comes out of the discussion or jump in
when I feel a need for it.

> [...] 
> > - It's Extras. It's unsupported by nature.
> That's brain-fart type of comment. Suitable for flame-wars, not for
> serious attempts at discussing this issue. Hopefully we all know what kind
> of "support" Fedora Extras is about.

I can agree here, but...

> > - How many fire and forget packages are sitting in Extras?
> 
> Same here. :( Let's shut down the whole show just because of a few black
> sheep.

...I have to disagree here. Nobody talked about "shutting down the whole
show" (well, not until now). We have no security SIG or something
similar yet that watches security mailing-lists or fixes packages if the
maintainer does not act im time. So this question is okay here IMHO (and
was not from me in the beging, I just quoted it).  

> > And some concrete plans:
> 
> > - shove FE3 into a Maintenance state for now -- no new packages, no big
> > updates but still updates in case of security problems
> 
> What is "concrete" about this suggestion?

This part at the end of my original mail:

- shove FE3 into a Maintenance state for now -- no new packages, no big
updates but still updates from the usual maintainers in case of security
problems

[...] but how to we make sure that the
Extras packagers still maintain their stuff? We can't. We need a
Security SIG that oversees this and jumps in when the maintainer forgets
to fix his package. FE4 would benefit from such a Security SIG, too.

And even if we shove FE3 into a Maintenance state -- we need to define a
EOL date for FE3 in any case. When? Release of FC6? FC7? When legacy
drops the belonging Fedora Core?  

>  It's just another proposal
> which doesn't suggest _who_ performs the updates.

Maintainer -> If not the security SIG jumps in -- we need such a SIG
anyway afaics.

>  Assume that some
> packagers will _refuse_ releasing updates for a legacy FC.

Sure.

> > - we create an extras legacy team that takes over FE3 when FC3 is
> > transfered to legacy 
> 
> +1  This is the only realistic suggestion. No community developer
> interest, no show.

Well, we already have community interest in a Security SIG and some
maintainer that still want to maintain FE3.

But we'll see, maybe enough people step up for FEL (Fedora Extras
Legacy). We just need to find a solution -- even if that is "There was
no community developer interest, so Fedora Extras 3 is EOL from now on."

CU
thl

-- 
Thorsten Leemhuis <fedora at leemhuis.info>

More information about the fedora-extras-list mailing list