On Tue, Jul 21, 2009 at 08:38:11AM -0400, Greg DeKoenigsberg wrote: > On Tue, 21 Jul 2009, Tim Burke wrote: > >> Jesse Keating wrote: >>> On Mon, 2009-07-20 at 21:18 -0400, Paul W. Frields wrote: >>> >>>> It has >>>> been something like 4 years since the Fedora Legacy project ended, and >>>> if you have a sizable labor pool you can eliminate one of the main >>>> reasons that happened. >>> >>> Note, to maintain Critical Security updates, which is essentially what >>> RHEL does once a RHEL release reaches it's maintenance mode, RH Security >>> team estimates that a single full time person can handle the work load. >>> This is a sizable pool when compared to what Fedora Legacy worked with, >>> and Legacy's target was much more broad, and the infrastructure much >>> less helpful. >>> >>> >> I'm guessing that this 1 fulltime person in a security response team >> role is to track, monitor, and coordinate the issues that need to be >> addressed. Which in many cases is different from the devel, releng and >> test aspects - necessitating much more than 1 fulltime person's worth of >> work to pull off the broader initiative. Right? > > In the world of RHEL, this would certainly be true -- but in the world of > Fedora? > > What QA/releng work is required to push updates into Fedora currently, > after the initial distro has been pushed out? I'm pretty sure it's not > much; we just use bodhi to coordinate +1s to packages in the updates > testing repo, and that's about the extent of it. This process would not > change. That's pretty much the size of it. The package maintainer shoulders a big part of the burden, and then co-opts the work of other intrepid volunteers to test the packages and get the bodhi karma needed for an update push. I'd assume the latter step doesn't really change for this effort, since it doesn't have to. But many of the current package maintainers are not involved in this effort, so exactly who is taking over the former work, and how it proceeds in an organized fashion, are important questions that must be answered. -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug _______________________________________________ fedora-advisory-board mailing list fedora-advisory-board@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-advisory-board
