Jesse Keating jkeating at redhat.com
Thu Mar 2 21:43:54 UTC 2006

On Thu, 2006-03-02 at 16:34 -0500, Josh Bressers wrote:
> This also brings up the question of how do we want to (if at all) have
> Legacy and Extras security teams work together.  There probably won't be
> much overlap, but often the analysis is the most important part of dealing
> with security issues.

So I can see Legacy and Extras folks working together in terms of
discussion and best practices, but I wanted to avoid Extras maintainers
'dumping' their packages on the Legacy project to maintain the security
updates.  Legacy exists because Red Hat doesn't want to pay their
developers to continue maintaining security updates for outdated
releases.  This is very fair.  Legacy is taking the place of those
maintainers.  Extras has no such problem in this aspect, an Extras
maintainer should be in for a pinch, in for a mile.  In fact, if
anything I'd like to see some of the Extras maintainers putting in some
work on testing/building/whatevering packages within the Legacy space.
This will be much easier to do once Legacy switches over to an Extras
like build system (soon) including a copy of the Fedora CVS contents.
These things are indeed up for discussion.

Jesse Keating
Release Engineer: Fedora
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-security-list/attachments/20060302/87583989/attachment.sig>

More information about the Fedora-security-list mailing list