Jesse Keating wrote:
On Mon, 2009-07-20 at 21:18 -0400, Paul W. Frields wrote:
It has
been something like 4 years since the Fedora Legacy project ended, and
if you have a sizable labor pool you can eliminate one of the main
reasons that happened.
Note, to maintain Critical Security updates, which is essentially what
RHEL does once a RHEL release reaches it's maintenance mode, RH Security
team estimates that a single full time person can handle the work load.
This is a sizable pool when compared to what Fedora Legacy worked with,
and Legacy's target was much more broad, and the infrastructure much
less helpful.
I'm guessing that this 1 fulltime person in a security response team
role is to track, monitor, and coordinate the issues that need to be
addressed. Which in many cases is different from the devel, releng and
test aspects - necessitating much more than 1 fulltime person's worth of
work to pull off the broader initiative. Right?
_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
