more latest selinux policy change problems

[Daniel J Walsh]

Tom Lisjac wrote:

>On 6/21/05, Chuck Anderson <cra at wpi.edu> wrote:
>  
>
>>On Tue, Jun 21, 2005 at 12:33:48AM -0600, Tom Lisjac wrote:
>>    
>>
>>>Suggestion: Functional changes that can break existing installs
>>>shouldn't be provided as normal updates... they should be included in
>>>the next OS version. Otherwise, if the update policy is perceived to
>>>put running servers at risk, it won't be long before the community
>>>stops taking Fedora seriously.
>>>      
>>>
>>That isn't the goal of Fedora, though.  Updates are specifically NOT
>>backported to older trees.  Instead, you get the update for the latest
>>OS release, rebuilt for the older releases.
>>    
>>
>
>Thanks for the clarification. Could you refer me to the place where
>this policy is stated? The only reference I can find that might allude
>to it is item 3 on this page:
>
>http://fedora.redhat.com/about/objectives.html
>
>Woudn't it be better to simply stop pushing SELinux updates to older
>versions rather then continuing to apply new and possibliy
>incompatible features of the newer release?
>
>  
>
>>If you want a more stable
>>tree with backported fixes, then use RHEL.
>>    
>>
>
>We can't afford RHEL. If updating installed Fedoras is going to cause
>them to become unstable after a new version release, we'll have no
>choice but to migrate to another OS.
>
>Best regards,
>
>-Tom
>
>  
>
The goal is not to make it unstable, and we still have not figured out 
what went wrong.  But Fedora updates to the latest kernel, for security
updates, rather than backporting like we do for RHEL.  So when a Kernel 
gets updated, we needed to update policy, and that is where the
fun began.  Currently FC4 is going through major bug fixes in Policy, so 
I don't envision many more changes to FC3.

>--
>fedora-selinux-list mailing list
>fedora-selinux-list at redhat.com
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>  
>


--