The new Update Acceptance Criteria are broken

Till Maas opensource at till.name
Sun Nov 14 12:59:24 UTC 2010


On Sat, Nov 13, 2010 at 02:22:42PM +0000, Matthew Garrett wrote:
> On Sat, Nov 13, 2010 at 10:21:30AM +0100, Till Maas wrote:
> 
> > The documented issues do not seem to be as bad as a system being
> > exploited. It is only about dependency breakage or services not working
> > anymore. There is no major data corruption requiring access to backups
> > and restoring the whole system. But this is what people using Fedora
> > with proftpd and being exploited have to do.
> 
> If security updates break functionality then people will stop applying 
> security updates.

If there are no security updates, people cannot apply them. So what is
worse? If people stop applying updates, then it is at least their
decision. If there are no updates, people can only choose not to use
Fedora. E.g. either build the applications themselves or use another
distribution. But this is not a viable goal.

The optimal case is to provide well-tested security updates fast, but
this is not what Fedora achieves. In my example there is no indication
that the update was especially tested, because it did not get any karma.
And it was not provided fast.

Regards
Till