On Tue, 21 Jul 2009, Tim Burke wrote:
Jesse Keating wrote:
On Mon, 2009-07-20 at 21:18 -0400, Paul W. Frields wrote:
It has
been something like 4 years since the Fedora Legacy project ended, and
if you have a sizable labor pool you can eliminate one of the main
reasons that happened.
Note, to maintain Critical Security updates, which is essentially what
RHEL does once a RHEL release reaches it's maintenance mode, RH Security
team estimates that a single full time person can handle the work load.
This is a sizable pool when compared to what Fedora Legacy worked with,
and Legacy's target was much more broad, and the infrastructure much
less helpful.
I'm guessing that this 1 fulltime person in a security response team role is
to track, monitor, and coordinate the issues that need to be addressed. Which
in many cases is different from the devel, releng and test aspects -
necessitating much more than 1 fulltime person's worth of work to pull off
the broader initiative. Right?
In the world of RHEL, this would certainly be true -- but in the world of
Fedora?
What QA/releng work is required to push updates into Fedora currently,
after the initial distro has been pushed out? I'm pretty sure it's not
much; we just use bodhi to coordinate +1s to packages in the updates
testing repo, and that's about the extent of it. This process would not
change.
--g
--
Computer Science professors should be teaching open source.
Help make it happen. Visit http://teachingopensource.org.
_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-advisory-board