-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Fri, May 23, 2014 at 10:16:41AM -0400, Matthew Miller wrote: > On Fri, May 23, 2014 at 10:01:46AM -0400, Eric H. Christensen wrote: > > I dislike the idea of a separate repo for ultra-critical updates. Once a > > fix is available for a vulnerability it should, IMO, be shipped as soon as > > possible. I know this doesn't fit into the Microsoft model or our model of > > community testing but really as soon as you go public with a fix you've > > also just notified all the "bad guys" out there to the vulnerability and > > exactly how to exploit it. It's a race condition at that point. > > I'm not sure I follow here. What do you dislike? This isn't meant to be a > hidden repo -- it's the "ship as soon as possible!" repo, so it sounds like > you're agreeing. I guess I don't understand the need for the extra repo. Why not just push it to fedora-updates? - -- - -------------------------------------------------- Eric "Sparks" Christensen Fedora Project sparks@xxxxxxxxxxxxxxxxx - sparks@xxxxxxxxxx 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1 - -------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQGcBAEBCgAGBQJTf2V/AAoJEB/kgVGp2CYvEHoMAI2aV5YFzi29DxN0Hzsw8m/v EBWmze1DDb6yvatSpuLxmhMbaGPXbvy3dtKSZOf7o7fcYBomEbAtymLlzYOEggH0 P2iccuKC5L41xCYlbTjDH9sAfP1/I5rH2fXnvRq6s/Pj5uygIUoWuEPRBxyvCkBt HWBCS/BXQ6D3zaO3IEiATuyyfGSOfqED3whYS8ShJnQAPpcXIz5fEqv0m3EHa+s1 YS7SJtmMqrB4EjggS1MCOZaNOHxBBAP4ETHxCTopKx4qdDBIwv65BcL1OOeTi8I9 h+/5J6CJ0308HjQphm+LKfX09IN4UjeZmfNmYE1ZQPV24K4J4I8O/NaIhA8P9qvE XBD8TWCNtjiSL/ra6UHYDUXg7vXNVFIYZS1NoC2MGkwb0cUISVjXfSQYbEOQE+yd Z4SHzHLh7Opjw8eOL60Bw5SbdfG2zZJyJJXY74WNTf8Z3LmCVa6inpNdQtdcfNcY d+r5AwPnFZQT9Unq3/6eHbHQiEA8a/ulB3N8Ouzb8w== =4zpT -----END PGP SIGNATURE----- -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
