On Fri, March 4, 2005 9:26 am, Jim Popovitch said: > > My tactics are this: IMHO what I see now, wrt FL, isn't suitable for a > production environment where systems require robustly tested patches in > a timely fashion. > > FL caused me to be forced to remove PHP from my users due to the PHP > support fiasco that ensued here. I am not going to sit idly by waiting > for an SSH or FTP vulnerability to see if FL has matured. > > I have three choices: > > 1) Insist that FL matures and becomes more structured and reformed. > (in the works, needs more support) So far your "insisting" has resulted in pretty much a flame fest and hand waving without achieving much if any real work. If you need things like PHP security updates to get out in a timely fashion, you need to help with the QA process there. There isn't a magic team out there doing the work for free and getting perfect updates out in minutes or hours, it takes people work to get these things done. FL has done a great job given the resources available. Any "tardiness" issuing security updates that I've seen has been a result of insufficient resources. There are plenty of docs already in place, but it isn't a sexy or fun job to implement, test and release security updates much less learn how to do them. A bit of a catch 22: You need resources to publish security updates, but the resources aren't there because it's a PITA to do the work. Steps have been taken to reduce the PITA factor, but in the end there's only so much you can do without having people dedicated to working on them 24/7. -Dave -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
