Nils Breunese (Lemonbit Internet) wrote:
Why would anyone who has updates enabled not want legacy updates to be
enabled?
From my perspective, I want to know *who* the updates are coming from.
In the case of Redhat updates, I know that there are ISO-9001
procedures and policies in place as well as corporate oversight and more
importantly corporate responsibility (from a legal point of view). From
FL you generally (if not universally) get good updates, however do you
really really know what was in that last ssh update that you got? While
I am not so paranoid to automatically suspect everything I download, I
am paranoid enough to try and understand the origin of what I download.
So...
1) what server should be used as the default update server
for out-of-the-box updates?
2) what policies, purview, scrutiny should that/those server
operators be put under and who will take responsibility
for enforcing this?
3) what legal disclaimers, and by what means, will alert
newbies that they are no longer getting official Redhat
updates?
Currently all three of the above issues are addressed individually by
users who manually configure their systems. This action is so user
intensive (visit website, cut-copy-paste yum.conf, download and install
yum, etc) that it isolates FL from legal responsibility. All FL has to
do to protect itself is not intentionally post malicious code or
instructions.
-Jim P.
--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
