Please follow the KISS principle
Johnny Strom
jonny.strom at netikka.fi
Wed Dec 31 11:25:20 UTC 2003
Warren Togami wrote:
> Bernd Bartmann wrote:
>
>> Hi all,
>>
>> after reading Warren's drafts and the answers I'm getting the impression
>> that this project starts way too complicated. Let us just follow the KISS
>> principle (keep it simple stupid). As Fedora-Legacy only exists to
>> handle security updates and is not intended to introduce new features to
>> EOLed distributions we should really focus on the essentials. For me
>> this means NO rpm upgrades.
>
>
> Regarding RH8, this is totally infeasible. If the community demands
> that RH8 is not upgraded, then I personally have zero reason to work on
> this project.
Perhaps it would be a good idea to release bugfixed packages located
at a separate place (directory) from the primary security fixes; then
users can update the bugfixed packages if they so need or want to.
>
> RH9 is less of a problem, but deadlocks still were common enough there
> that I really feel upgrading is wise. It would also have the benefit of
> allowing the use of 2.6 kernels without the annoying O_DIRECT problem.
>
> Ultimately it is terrible that we must continue to this day to tell
> people to manually kill their rpm processes and delete the lock files
> whenever this happens. Upgrading RH8 and RH9 rpm will simply make these
> problems go away, and the benefits far outweigh the risks here.
>
>> Just use the infrastructure and tools that
>> Red Hat gave us with their distributions.
>
>
> I very strongly oppose this, and below is why.
>
>>
>> Updated packages should primarily be available via HTTP/FTP. Progeny
>> also will focus on HTTP first. If someone can provide RSYNC, APT or YUM
>> repositories later this would be fine but it is not needed in the first
>> place.
>
>
> 1) The RH8 and RH9 repository has already been launched, and there have
> been mirrors and users for something like the past 9 months. apt and
> yum are already supported. The same will soon be launched for RH7.x.
> 2) Regarding "infrastructure and tools", it is infeasible to use the
> tools that come with those older distributions because that would
> require running a server like current. current just does not scale
> well, and far fewer mirrors would be willing to use it.
> up2date from FC1 could be backported, but nobody even mentioned putting
> forward the work to do that yet.
> There is also the fact that apt and yum are vastly superior to up2date
> in most ways, thus we should use the best tools available.
>
>>
>> Personally I can offer to do package QA testing and bug reporting. I
>> have access to RH 7.2/7.3/8.0 test servers and already do a little bit
>> of QA on some of the fedora.us packages.
>
>
> Excellent.
>
>>
>> How shall we handle security alert notification to the developers? Can
>> we expect that everyone monitors all major (open) security mailing lists?
>> At least I do so.
>
>
> Yes, and any knowledge already in the wild should be posted to the
> legacy list for discussion. Some of us may be on private security
> lists, and we will need to create policies for handling this "secret"
> knowledge. Please suggest such policy.
>
> Warren
>
>
> --
> fedora-legacy-list mailing list
> fedora-legacy-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-legacy-list
>