RFC: Proposal for a more agile "Fedora.next" (draft of my Flock talk)

Subhendu Ghosh sghosh151 at gmail.com
Fri Jul 26 19:30:19 UTC 2013


On Fri, Jul 26, 2013 at 8:32 AM, Reindl Harald <h.reindl at thelounge.net> wrote:

> > but to say a core / apps separation is fundamentally flawed is incorrect
>
> it is correct
>
> * go and play around with "ldd /usr/bin/whatever-application"
> * look how many share openssl, nspr, nss, libxml and a lot of more
> * and now draw the picture of the result fix a security issue in libxml
>



This assumes that you have a single source for the fix delivery.

In the OS/App differentiation, you are expecting each is coming from a
different source.
Apps are either boxed, or coming from a project.
The app provider should fix their version of libxml, and the OS provider
should fix their version of libxml.

Are there periods of vulnerability? Yes.

Now, if the OS and the Apps come from the same source, example - Fedora,
could Fedora Project do something innovative such that the fix to the OS
and App arrive almost simultaneously?
Possibly - but requires rethinking the build workflow to enable
multi-target capability and a better understanding of how different
languages and applications have hidden PATH assumptions.

Is Fedora capable of innovating on this level? I think so. There are a lot
of smart folks here.

-subhendu