-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi all,
after reading Warrens drafts and the answers I'm getting the impressions that this projects start way to complicated. Let us just follow the KISS principle (keep it simple stupid). As Fedora-Legacy only exists to handle security updates and is not intended to introduce new features to EOLed distributions we should really focus on the essentials. For me this means NO rpm upgrades. Just use the infrastructure and tools that Red Hat gave us with their distributions.
Updated packages should primarily be available via HTTP/FTP. Progeny also will focus on HTTP first. If someone can provide RSYNC, APT or YUM repositories later this would be fine but it is not needed in the first place.
Personally I can offer to do package QA testing and bug reporting. I have access to RH 7.2/7.3/8.0 test servers and already do a little bit QA on some of the fedora.us packages.
How shall we handle security alert notification to the developers? Can we expect that everyone monitors all major (open) security mailing lists ? At least I do so.
BTW: There seems to be a security update available for CVS: http://ccvs.cvshome.org/servlets/NewsItemView?newsID=88
Best regards.
- -- Dipl.-Ing. (FH) Bernd Bartmann <Bernd.Bartmann@xxxxxxxxxx> I.S. Security and Network Engineer SoHaNet Technology GmbH / Kaiserin-Augusta-Allee 10-11 / 10553 Berlin Fon: +49 30 214783-44 / Fax: +49 30 214783-46 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/8hsDkQuIaHu84cIRAl89AKCHlWTWuCpRGax5bhYKU06Df58HHQCfYUXS b7N495kWdGothCKwFXEG9ac= =6dIl -----END PGP SIGNATURE-----
