Axel Thimm wrote:
On Tue, Nov 07, 2006 at 11:46:37PM +0530, Rahul Sundaram wrote:
Unifying and opening up more of the infrastructure and other ideas like
that only doing critical security fixes are things to look at.
But FL's charter is already to only cater about security fixes, or do
you imply to categorize them and allow some to slip? E.g. allow local
privilege escalation, but fix remote exploits?
I don't think that's a good FL manifesto. Allowing non-critical
security issues to exist will only harm the project's front to the
public more.
Not really. It is better than not pushing updates at all. See
https://www.redhat.com/archives/fedora-security-list/2006-October/msg00006.html
The issue is also not the infrastructure IMO, it's simply lack of human
resources and either someone needs to assign them to it if that entity
(Red Hat/board/whatever) considers that a worthy goal, or the
resources need to come from more voluntary people, e.g. FL needs a
marketing manager.
Lack of human resources is also a result of higher barrier to entry. New
people need to be able to contribute easily. Existing contributors in
other sub projects like extras need to be able to do that. Unifying
infrastructure and automating more of the tasks helps in both ways.
Or the need for resources is cut by reducing the number and time span
of supported releases
Just as reducing time span is an option, classification of
vulnerabilities and working on critical ones after a time span is also an
option that needs to be considered.
Rahul
--
fedora-legacy-list mailing list
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list