Fedora EOL Security Updates

[Marc Schwartz]

Basil Mohamed Gohar <abu_hurayrah at hidayahonline.org> writes:
> I'll grant that I've not been involved with Fedora nearly as long as
> everyone else here, but I don't understand why, just because something
> failed before, it cannot be tried again?  This is just a request for
> help, it's not an official policy?  What's the use in shooting it down?
> The Fedora project is, as I understand it, driven but what the community
> wants.  So, if a segment of the community wants something, no matter how
> small, why fight it?  I don't see any request for official resources
> from anyone.  If someone wants to help, then go right ahead.
>
> One or more failures in the past cannot mean that we cannot try again.
> This is surely not the precedent we want to set, is it?
>
> I think the intention amongst the Fedora-EOL team right now is to just
> lengthen support, at least for security, by one or two releases.  This
> is not an attempt at offering LTS for Fedora at this time.  This is what
> I've gleaned from within #Fedora-EOL.  I hardly think that's
> unreasonable.
>
> If this grows, _naturally_, into something akin to LTS, maybe by 2
> years, why would anyone complain?  Let it fail if you think it will.
> How many successful projects were built upon myriad previous failures?

There is a colloquial definition of "insanity":

"Doing the same thing, the same way, over and over again, while
expecting a different outcome each time."

If you don't change the process, you won't change the outcome.

To quote Jesse Keating when FL shut down, from:

http://news.cnet.com/Long-term-Fedora-Linux-support-ending/2100-7344_3-6146604.html

"Nobody has responded to our calls for help," Keating said. "There are a
good number of consumers, people who will happily consume until the
project ends; however they are not willing to actually do any of the
work necessary to keep the project alive."

In other words, FL had a parasitic, not a symbiotic, relationship with
its users.

If Scott is willing to do the heavy lifting and he has people that will
step up with him to do the heavy lifting, then this project might have a
chance. On the other hand, if people just want the output, but are
unwilling to step up to contribute to the input, then this project, like
FL will fail. It might take months, but it will fail.

As I tell my kids, it's fine to want or to have dreams. But if you
really want it bad enough, then you have to be willing to take an
informed risk and work your butt off to make it happen, or move on. It
does not happen just because you want it to happen.

If Scott is an entrepreneur in the true spirit, then my comments should
only serve to embolden him. If they serve to dishearten him, then he
really needs to think about his commitment to this and whether or not he
is willing to do the hard work to make it reality. He also needs to
consider just how large of a portion of the Fedora community really
wants it. 

Clearly, it is not a majority or RH would have to give serious
consideration to altering the current Fedora life cycle. So, is it 20%?
10%? 5%? 1%?  Those are not numbers that would give me cause to move
forward with this. I am a firm believer in Pareto's 80/20 Rule. Make
sure that the product or service meets the needs of 80% of your target
market. Meeting the needs of the other 20% will bankrupt you.

FL was also based upon the perception that there was a significant
proportion of the Fedora community that wanted longer support. Keep in
mind that FL provided only bug and security fixes, not functional
updates. While Scott has proposed to only provide security fixes, that
will still require a substantial number of people who will have to step
up and enable these things to occur in a reasonable time frame. IMHO,
once a month is not sufficient for security updates. 

Also, bear in mind that FL had RH financial, infrastructure and
personnel support behind it at some level and it still failed. I don't
get the sense that Scott has such support here.

If Scott is serious about this and wants to avoid the problems that led
to FL's failure, he ought to contact the former FL leadership to gain
some insight into their assumptions, their implementation and what they
could have or should have done differently that might have led to a
different outcome.

Let's face reality. I have been using RH/FC/F since the RH 8.0
betas back in 2002. From day one, when RH made the transition from RH9
to FC1, it was clearly stated that the expectation for FC was 2 to 3
releases per year, with short support time frames. It was going to be a
platform for the aggressive development of desktop Linux. If we were
going to ride the Fedora Train, we knew what we were getting into. 

If you buy a Ferrari, expect problems. Don't complain when it only gets
8 miles to the gallon, spends time in the shop or you can't fit your
family into it. You should have bought a Toyota and made a bad choice.

If RH wanted a Fedora LTS, they would step up and make the commitment to
make it happen. A Fedora LTS would likely in some measure, cannibalize
RHEL revenues, so why should RH enable it? Fedora exists, in large
measure, because of RH's commitment to build it, fund it, provide the
infrastructure and personnel. Yes, the Community is now an active
participant in Fedora and has done some amazing things. It did not start
out that way. But...if RH disappeared from the scene, Fedora's future
would be uncertain. Don't underestimate RH's influence here.

Ubuntu is in much the same situation. If it were not for Shuttleworth's
millions and Canonical, Ubuntu and Unbuntu LTS would not exist. Ubuntu
does not exist purely because a small group of people got frustrated
with Debian's development and release policies. It took an entrepreneur
like Shuttleworth to step up with a load of money to make it happen.

Oh and BTW, despite all of that, Ubuntu's future is not guaranteed
either:

  http://news.cnet.com/8301-1001_3-10075890-92.html

Regards,

Marc Schwartz