> The planning reliability for those who would maintain the legacy branches > in replacement of original package owners. Assume we [the FE project] > transferred the FE3 branch into maintenance state tomorrow, because the > newly formed security response team had had announced that they wanted to > tackle the problem of keeping FE3 secure as long as FC3 is maintained by > Fedora Legacy. Do we want to keep the gates wide open and permit arbitrary > contributors to fill FE3 with new packages which make FE3 grow and may > need to be fixed by the security team sooner or later? I think we don't > want that. I can't see how it is different for current releases. The same exactly applies for current releases (I substituted FE3 by FE4/FE5...): "Do we want to keep the gates wide open and permit arbitrary to fill FE4/FE5 with new packages which make FE4/FE5 grow and may need to be fixed by the security team sooner or later?" A package added in FE4/FE5 will have to be maintained much longer than a package added in FE3. And in my opinion it is better to have a package added to the FE3 branche by a contributor really willing to maintain that branch than a package added to FE4/FE5 by a contributor that don't want to really take care of that package in the long term. -- Pat -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
