On Tue, 07 Jul 2009 00:18:51 +0200, Kevin wrote: > Josh Boyer wrote: > > Fedora Legacy (the original one) failed. > > It failed because of excess bureaucracy (they didn't even trust Bugzilla's > authentication, requiring GPG signing of all Bugzilla comments with impact > on the procedures, and QA requirements were also unrealistic given the > manpower). The manpower bottleneck affected it in two different areas. From the beginning on, the leadership failed to meet the requirements of the tiny base of people who actually prepared updates. The limited infrastructure made the manpower bottleneck worse, because only a very few people were permitted to rpmbuild/mach official update packages. Not enough people to cover all packages, which suffered from vulnerabilities. Not enough people to become a Fedora Legacy package "owner" or "maintainer", who would also watch bugzilla for example. Not enough people with interest in those packages, not even in testing updates. It quickly became evident that a growing number of packages would remain vulnerable (or otherwise broken by a critical bug), because nobody wanted to take care of them. No inheritance of fedora.us' web of trust either. Even somebody, who copied and verified a patch from RHEL, couldn't move forward, because no second person acknowledged the pending updates in bugzilla. The old QA checklist was very short compared with Fedora's current guidelines -- still it had its enemies, especially those who would rather botch up a src.rpm and dump it into some /incoming place where others would need to pick it up and turn it into an official Fedora Legacy update. No quick leadership decisions to alter the policies and procedures. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
