Jim Popovitch wrote:
Nils Breunese (Lemonbit Internet) wrote:
Why would anyone who has updates enabled not want legacy updates
to be enabled?
From my perspective, I want to know *who* the updates are coming
from. In the case of Redhat updates, I know that there are
ISO-9001 procedures and policies in place as well as corporate
oversight and more importantly corporate responsibility (from a
legal point of view). From FL you generally (if not universally)
get good updates, however do you really really know what was in
that last ssh update that you got? While I am not so paranoid to
automatically suspect everything I download, I am paranoid enough
to try and understand the origin of what I download.
So...
1) what server should be used as the default update server
for out-of-the-box updates?
2) what policies, purview, scrutiny should that/those server
operators be put under and who will take responsibility
for enforcing this?
3) what legal disclaimers, and by what means, will alert
newbies that they are no longer getting official Redhat
updates?
Currently all three of the above issues are addressed individually
by users who manually configure their systems. This action is so
user intensive (visit website, cut-copy-paste yum.conf, download
and install yum, etc) that it isolates FL from legal
responsibility. All FL has to do to protect itself is not
intentionally post malicious code or instructions.
Those are all really valid points and I totally agree. Still I have
this nagging feeling that a lot of end users will totally not notice
their OS is no longer receiving updates and that something like
Fedora Legacy is available. You might say they're just to ignorant to
care about, but I don't know... Maybe pup will solve this problem,
but that may or may not be in FC5. A lot of current users might be
left out in the cold without them even knowing.
Nils Breunese.
--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list