how to get started with helping the project [...]
David Rees
drees at greenhydrant.com
Fri Mar 4 19:07:25 UTC 2005
On Fri, March 4, 2005 9:26 am, Jim Popovitch said:
>
> My tactics are this: IMHO what I see now, wrt FL, isn't suitable for a
> production environment where systems require robustly tested patches in
> a timely fashion.
>
> FL caused me to be forced to remove PHP from my users due to the PHP
> support fiasco that ensued here. I am not going to sit idly by waiting
> for an SSH or FTP vulnerability to see if FL has matured.
>
> I have three choices:
>
> 1) Insist that FL matures and becomes more structured and reformed.
> (in the works, needs more support)
So far your "insisting" has resulted in pretty much a flame fest and hand
waving without achieving much if any real work.
If you need things like PHP security updates to get out in a timely
fashion, you need to help with the QA process there. There isn't a magic
team out there doing the work for free and getting perfect updates out in
minutes or hours, it takes people work to get these things done.
FL has done a great job given the resources available.
Any "tardiness" issuing security updates that I've seen has been a result
of insufficient resources. There are plenty of docs already in place, but
it isn't a sexy or fun job to implement, test and release security updates
much less learn how to do them. A bit of a catch 22: You need resources
to publish security updates, but the resources aren't there because it's a
PITA to do the work.
Steps have been taken to reduce the PITA factor, but in the end there's
only so much you can do without having people dedicated to working on them
24/7.
-Dave
More information about the fedora-legacy-list
mailing list