On Sat, 29 Apr 2006 17:28:24 +0200, Patrice Dumas wrote:

> > The planning reliability for those who would maintain the legacy branches
> > in replacement of original package owners. Assume we [the FE project]
> > transferred the FE3 branch into maintenance state tomorrow, because the
> > newly formed security response team had announced that they wanted to
> > tackle the problem of keeping FE3 secure as long as FC3 is maintained by
> > Fedora Legacy. Do we want to keep the gates wide open and permit arbitrary
> > contributors to fill FE3 with new packages which make FE3 grow and may
> > need to be fixed by the security team sooner or later? I think we don't
> > want that.
>
> I can't see how it is different for current releases. The same exactly
> applies for current releases (I substituted FE3 by FE4/FE5...):

The difference is that the number of packages in the legacy release does
not increase, while the active and development branches still grow (and
shrink where orphans are removed from devel). This means the security team
faces a known constant number of packages when they start and try (!) for
the first time whether keeping FE3 in maintenance state is feasible. That
is the minimal level of planning reliability (influenced by a multitude of
factors) they can get.

It is exactly like Fedora Legacy started. Trial-and-error. Start with a
few contributors and find out whether the workload is doable. Else stop
supporting a release due to lack of resources (= often lack of interest).
The entire thing is a feasibility study.

Now, if you argue that FE4 and FE5 will contain many more packages than
FE3 when they are declared legacy, well, do we discuss scalability now as
the most-important criterion? Who says that FC4 will be maintained as long
as FC3 or RHL9? Who says that FE3 is still maintained when FE5 is added to
the set? And sure, the security team may need to scale well as FE grows.
But it's more important to start somewhere, avoiding a moving target.

> A package added in FE4/FE5 will have to be maintained much longer than a
> package added in FE3.

?

> And in my opinion it is better to have a package added
> to the FE3 branch by a contributor really willing to maintain that branch
> than a package added to FE4/FE5 by a contributor that doesn't want to really
> take care of that package in the long term.

Once and for all, it does not matter whether individuals may be able to
maintain their packages for a dozen distribution versions, always
up-to-date, always secure, always bug-free. The state of the package
_universe_ for a given distribution version is what matters.

--
fedora-extras-list mailing list
fedora-extras-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-extras-list