-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Fri, May 23, 2014 at 10:16:41AM -0400, Matthew Miller wrote:
On Fri, May 23, 2014 at 10:01:46AM -0400, Eric H. Christensen wrote:
> I dislike the idea of a separate repo for ultra-critical updates. Once a
> fix is available for a vulnerability it should, IMO, be shipped as soon as
> possible. I know this doesn't fit into the Microsoft model or our model of
> community testing but really as soon as you go public with a fix you've
> also just notified all the "bad guys" out there to the vulnerability and
> exactly how to exploit it. It's a race condition at that point.
I'm not sure I follow here. What do you dislike? This isn't meant to be a
hidden repo -- it's the "ship as soon as possible!" repo, so it sounds
like
you're agreeing.
I guess I don't understand the need for the extra repo. Why not just push it to
fedora-updates?
- --
- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks(a)fedoraproject.org - sparks(a)redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJTf2V/AAoJEB/kgVGp2CYvEHoMAI2aV5YFzi29DxN0Hzsw8m/v
EBWmze1DDb6yvatSpuLxmhMbaGPXbvy3dtKSZOf7o7fcYBomEbAtymLlzYOEggH0
P2iccuKC5L41xCYlbTjDH9sAfP1/I5rH2fXnvRq6s/Pj5uygIUoWuEPRBxyvCkBt
HWBCS/BXQ6D3zaO3IEiATuyyfGSOfqED3whYS8ShJnQAPpcXIz5fEqv0m3EHa+s1
YS7SJtmMqrB4EjggS1MCOZaNOHxBBAP4ETHxCTopKx4qdDBIwv65BcL1OOeTi8I9
h+/5J6CJ0308HjQphm+LKfX09IN4UjeZmfNmYE1ZQPV24K4J4I8O/NaIhA8P9qvE
XBD8TWCNtjiSL/ra6UHYDUXg7vXNVFIYZS1NoC2MGkwb0cUISVjXfSQYbEOQE+yd
Z4SHzHLh7Opjw8eOL60Bw5SbdfG2zZJyJJXY74WNTf8Z3LmCVa6inpNdQtdcfNcY
d+r5AwPnFZQT9Unq3/6eHbHQiEA8a/ulB3N8Ouzb8w==
=4zpT
-----END PGP SIGNATURE-----