mysql-server

Eric Rostetter rostetter at mail.utexas.edu
Tue Mar 29 18:35:17 UTC 2005


Quoting Tom Yates <madlists at teaparty.net>:

> > I only agree with not releasing updates on holidays/weekends when it is
> > an update for an unknown, unpublished, unexploited problem.  If the bug
> > is already known or being exploited, we need to get the update out asap.
> 
> what's so special about federal holidays?

The thread up to this point made no mention of federal holidays.  You're
just muddling the issue by introducing it now.

> many FL users are outside the
> US.  are we going to interdict all public holidays everywhere?  or add
> localised holiday-handling code to yum?

Code to yum would only be of benefit if it only applied to automatic
runs (otherwise it would interfere with those wishing to install updates
or test updates on the "restricted" days).  I don't think that would be
practical in any case.
 
> in all cases, we should release as soon as we have something that (a)
> fixes the problem and (b) passes QA, and let the end-user decide how they
> would like to handle the released code.

You're missing the point about my position.  If the bug is unknown, then
releasing it announces the bug before people can patch.  If it is unreasonable
to assume the majority of people can patch it before an exploit appears
(which may happen immediately after announcing the fix), it would
be irresponsible to release the patch/update.

Now, if it went through a public QA, then the bug is already known, and
it can be released asap.  The only exception would be if it went through
a non-public QA.  This is unlikely to happen in FL, and is hence probably
not of concern.  It could be an issue for FL if we have "secret" patches
which are released without public QA due to the vendorsec (I think that's
the name?) agreement, but so far Jesse seems to think even vendorsec
stuff would probably go through public QA (or at least he posed the
question of whether it should).

> > The real issue here is that you should *NOT* do auto-updates on
> > production (or critical) machines, ever, period.
> 
> i completely agree, and that's the only way i'd ever consider upgrading
> mine.
> 
> 
> --
> 
>    Tom Yates
>    Cambridge, UK.

-- 
Eric Rostetter




More information about the fedora-legacy-list mailing list