Jared K. Smith wrote:
> I completely disagree... the checks and balances that are in place are
> there for a reason, and aren't too difficult to satisfy in the case of a
> security update. Completely repealing the requirements would be a gross
> overreaction.
Introducing the requirements was the gross overreaction. It was a completely
bureaucratic paranoid reaction to 2 isolated one-time incidents that had
simple workarounds and thus very low impact. (And we have had similar
incidents since then, despite (or in some cases even BECAUSE OF) the new
update policies.) The perceived "stability issue" with Fedora updates at the
time simply did not exist. It was just a pair of unlucky incidents
completely blown out of proportion.
If the checks were so easy to satisfy in the case of a security update, we
wouldn't have a thread such as this one every few months. Security updates
(or any other important updates, such as regression fixes, for that matter)
for Fedora n-1 (and sometimes even for Fedora n) just do NOT go out in a
timely manner.
The regression fix issue is a particularly unfortunate one: The policies
were introduced in an attempt to prevent regressions, but they fail at it
very often and then delay the FIX for the regression, increasing the
exposure time to the regression and thus also the number of affected users
(because many users don't update daily). Regression fixes MUST be pushed
directly to stable.
None of the attempts at fixing the issue within the current policies has
worked. It still works as poorly as on day 1. Each time there is a thread
like this one, there is a fire-and-forget testing rush by supporters of the
policies to "prove" that it "works", and a week later, we're back to square
one. It is time to recognize these policies as a failure and revert to the
process that worked.
Kevin Kofler
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
