Please follow the KISS principle

Johnny Strom jonny.strom at netikka.fi
Wed Dec 31 11:25:20 UTC 2003 

Warren Togami wrote:
> Bernd Bartmann wrote:
> 
>> Hi all,
>>
>> after reading Warrens drafts and the answers I'm getting the impressions
>> that this projects start way to complicated. Let us just follow the KISS
>> principle (keep it simple stupid). As Fedora-Legacy only exists to
>> handle security updates and is not intended to introduce new features to
>> EOLed distributions we should really focus on the essentials. For me
>> this means NO rpm upgrades. 
> 
> 
> Regarding RH8, this is totally infeasible.  If the community demands 
> that RH8 is not upgraded, then I personally have zero reason to work on 
> this project.


Perhaps it would be a good ide to relase bugfixed pakckages located
at a separate place (directory) from the primary security fixes then 
users can uppdate the bugfixed packages if they so need or want to.



> 
> RH9 is less of a problem, but deadlocks still were common enough there 
> that I really feel upgrading is wise.  It would also have the benefit of 
> allowing the use of 2.6 kernels without the annoying O_DIRECT problem.
> 
> Ultimately it is terrible that we must continue to this day to tell 
> people to manually kill their rpm processes and delete the lock files 
> whenever this happens.  Upgrading RH8 and RH9 rpm will simply make these 
> problems go away, and the benefits far outweigh the risks here.
> 
>> Just use the infrastructure and tools that
>> Red Hat gave us with their distributions.
> 
> 
> I very strongly oppose this, and below is why.
> 
>>
>> Updated packages should primarily be available via HTTP/FTP. Progeny
>> also will focus on HTTP first. If someone can provide RSYNC, APT or YUM
>> repositories later this would be fine but it is not needed in the first
>> place.
> 
> 
> 1) The RH8 and RH9 repository has already been launched, and there have 
> been mirrors and users for something like the past 9 months.  apt and 
> yum are already supported.  The same will soon be launched for RH7.x.
> 2) Regarding "infrastructure and tools", it is infeasible to use the 
> tools that come with those older distributions because that would 
> require running a server like current.  current just does not scale 
> well, and far fewer mirrors would be willing to use it.
> up2date from FC1 could be backported, but nobody even mentioned putting 
> forward the work to do that yet.
> There is also the fact that apt and yum are vastly superior to up2date 
> in most ways, thus we should use the best tools available.
> 
>>
>> Personally I can offer to do package QA testing and bug reporting. I
>> have access to RH 7.2/7.3/8.0 test servers and already do a little bit
>> QA on some of the fedora.us packages.
> 
> 
> Excellent.
> 
>>
>> How shall we handle security alert notification to the developers? Can
>> we expect that everyone monitors all major (open) security mailing lists
>> ? At least I do so.
> 
> 
> Yes, and any knowledge already in the wild should be posted to the 
> legacy list for discussion.  Some of us may be on private security 
> lists, and we will need to create policies for handling this "secret" 
> knowledge.  Please suggest such policy.
> 
> Warren
> 
> 
> -- 
> fedora-legacy-list mailing list
> fedora-legacy-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-legacy-list
>

More information about the fedora-legacy-list mailing list