priorization and rhl73 server-only help [Re: changes are needed, we need keep moving]

[Pekka Savola]

On Thu, 2 Jun 2005, Eric Rostetter wrote:
> Quoting Jim Popovitch <jimpop at yahoo.com>:
>
>> A LOT of that is because there are a LOT of packages waiting for testing
>> that people just plainly don't have interest in.  Looking at
>
> The older the OS release, the more problem that will be, indeed.
>
>> http://www.netcore.fi/pekkas/buglist-rhl73.html, I see 95% of cruft that
>> makes it difficult to focus on the 4 or 5% that I care about.  Do we
>> really need to be releasing a mozilla for rh73?
[...]

If we could agree to some criteria, we could classify some bugs as 
"normal or high" severity and only be biggest ones "security".  The 
latter show in the buglist in red, the former in black.  Maybe that 
would help in identifying the most important updates.

>> Here's my predicament: I can test RH73 packages used in a "locked-down"
>> server environment.  So, what do I need to test?
>
> Good question.  I don't have an answer right now.  I still have several
> 7.3 machines, server and desktop, but I'm slowly upgrading them to
> Centos 3/4, so I don't know how long I'll be able to help.

Looking at:
http://www.netcore.fi/pekkas/buglist-rhl73.html

"All -rhl73 packages lacking VERIFY", we have for example,

krb5, dhcp, [squid?], lvm, postgres, ethereal (and some others).  Some 
of these are probably installed on a server system.  I think at least 
krb5 and dhcp are in the default server installation.

Under "All -rhl73 packages lacking PUBLISH (but excluding 
NEEDSWORK)", we have for example 'telnet' which is probably included 
in server systems as well.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings