Re: Suggestion to end support for legacy 1024-bit RSA root CAs in Fedora stable

On 08/19/2016 08:46 AM, Josh Boyer wrote:
> On Fri, Aug 19, 2016 at 8:38 AM, Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote:
>> On 08/19/2016 08:29 AM, Kai Engert wrote:
>>> On Thu, 2016-08-18 at 22:29 -0400, Yaakov Selkowitz wrote:
>>>> Beta sounds a bit late to be introducing such a change unilaterally.
>>>> Should this not be going through FESCo at this point?
>>>
>>> Then I suggest that we make the change immediately for Fedora 25, to allow it to
>>> be included in the delayed alpha release.
>>>
>>
>> It will absolutely not be accepted as a Freeze Exception. Changes of this scale
>> are far too high-risk and will almost certainly result in another schedule slip.
> 
> I'm having a hard time following the argument of scale and risk here
> when it pertains to schedule slip.  The package itself is fairly
> self-contained and isn't likely to cause issues against the actual
> Alpha test criteria.  Can you elaborate why you think doing this as an
> FE would cause a slip?
> 

Essentially, it means that anything in Fedora using 1024 RSA root CAs would
suddenly fail. I don't have a clear picture of what exact tests are run, but I'd
not be surprised to discover some of the Workstation browser tests to suddenly
start failing as a result of this. That's not even including anyone who just
starts poking around with it and filing bugs because their favorite website is
no longer available.


Put another way: with my Blocker/FE reviewer hat on, I'd be inclined to vote
this as too risky to grant an FE to, simply because we have no real way of
knowing what it would break. I'd rather not jeopardize the already-slipped alpha
for a late change with an unknown risk level.

With my FESCo hat on, I'd be in favor of landing this in updates-testing
immediately. Then folks who install the Alpha will get it in their first update
and we'd have ample time to work out the issues prior to Beta.

