On Wed, Oct 15, 2008 at 02:19:09PM +0200, Ralf Corsepius wrote: >On Wed, 2008-10-15 at 07:33 -0400, Josh Boyer wrote: >> On Wed, Oct 15, 2008 at 09:42:28AM +0200, Patrice Dumas wrote: >> >On Wed, Oct 15, 2008 at 08:36:05AM +0100, David Woodhouse wrote: >> >> >> >> If we present the _appearance_ of a distro with security updates, while >> >> in fact there are serious security issues being unfixed, then that is >> >> _much_ worse than the current "That distro is EOL. Upgrade before you >> >> get hacked" messaging. >> > >> >The aim here is not to present the _appearance_ of a distro with >> >security updates but give the choice to the user either to upgrade or to >> >stick with a distro where some packages will not be maintained. >> >Something along "That distro is EOL. Upgrade before you get hacked. >> >Alternatively, and at your own risk, you can enable a repository where >> >some packages are updated on a volunteer basis, but some packages aren't >> >maintained anymore." >> > >> >With a page listing which packages are still supported. >> >> The issue you will have is that people will not be comfortable opening the >> ACLs for things like the kernel or glibc or gcc. >And their rationale being what? See my other reply. >Them preferring leaving users exposed to vulnerabilities? Obviously not, since the newer distros are maintained. >Or is their rationale of personal nature? Well, since we're all just talking theoreticals I don't see how anything can be of a personal nature yet. josh -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
