Quoting Tom Yates <madlists@xxxxxxxxxxxx>: > > I only agree with not releasing updates on holidays/weekends when it is > > an update for an unknown, unpublished, unexploited problem. If the bug > > is already know or being exploited, we need to get the update out asap. > > what's so special about federal holidays? The thread up to this point made no mention of federal holidays. You're just muddling the issue by introducing it now. > many FL users are outside the > US. are we going to interdict all public holidays everywhere? or add > localised holiday-handling code to yum? Code to yum would only be of benefit if it only applied to automatic runs (otherwise it would interfer with those wishing to install updates or test updates on the "restricted" days). I don't think that would be practical in any case. > in all cases, we should release as soon as we have something that (a) > fixes the problem and (b) passes QA, and let the end-user decide how they > would like to handle the released code. You're missing the point about my position. If the bug is unknown, then releasing it anounces the bug before people can patch. If it is unreasonable to assume the majority of people can patch it before an exploit appears (which may happen immediately after announcing the fix), it would be irresponsible to release the patch/update. Now, if it went through a public QA, then the bug is already known, and it can be released asap. The only exception would be if it went through a non-public QA. This is unlikely to happen in FL, and is hence probably not of concern. It could be an issue for FL if we have "secret" patches which are released without public QA due to the vendorsec (I think that's the name?) agreement, but so far Jesse seems to think even vendorsec stuff would probally go through public QA (or at least he posed the question of whether it should). > > The real issue here is that you should *NOT* do auto-updates on > > production (or critical) machines, ever, period. > > i completely agree, and that's the only way i'd ever consider upgrading > mine. > > > -- > > Tom Yates > Cambridge, UK. -- Eric Rostetter -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
