[Fedora-packaging] critical path security update policy

Michael Schwendt mschwendt at gmail.com
Tue Apr 21 10:16:03 UTC 2015 

On Tue, 21 Apr 2015 03:49:31 +0200, Jerry Bratton wrote:

> You're right, Michael, everything is perfect. No reason to discuss how the situation might be improved,
>

Nobody has claimed it would be perfect.

The current policy is not an arbitrary one. It has been refined from earlier
ones that had been worse. It's a trade-off already, but not carved into stone
for the next few years.

Nevertheless, rushing out all security-fix updates is not an option. One
does that only so many times to burn one's feet a single time and gain
experience that a safer road would be better. Same with working on packages
over the weekend. Enough passion provided, somebody may prepare updates
over the weekend and regret it later, if an error has slipped in.

About discussing how to avoid a critpath security-fix waiting for the two
weeks timeout (if not getting the minimum number of votes), hearing the
pros and cons is exactly what a discussion is for. However, it's not just
about demanding zero-day automated pushes of possibly untested builds.
You've only gone the "faster, faster!" route with no interest in safety
and no respect for volunteers doing the work.

> other than blaming me and other users.

That's nonsense.

> I do contribute to Fedora, and to other projects, including some of my own. I contribute through bug reports and testing and code contributions and ideas and other ways, too.
> 
> You don't know anything about me.

Is that necessary? All that counts is the contents of your mails.

> You think my name is "Jerry"? It's not.

It would be sad, if that's true and you feel you need to engage in such games
to voice your "opinion".

> I value my privacy, so I generate a new alias for almost every instance in which I file a bug report or contact a mailing list, etc. I could be Linus, for all that you know. (I'm not.) I'm willing to go through all that extra effort just to contribute while preserving my privacy.
>
> You are so unbelievably ignorant, I will waste no more time on you. I will be deleting this e-mail account now, as it has served its purpose. Others will either intelligently consider how the processes might be improved, or they'll be like you. It's out of my hands now.
> 
> I appreciate whatever contribution you're making, regardless. Farewell!

No comments.

More information about the packaging mailing list