Getting FE security (team/sig) moving / on the road

Jason L Tibbitts III tibbs at math.uh.edu
Mon Mar 6 14:29:54 UTC 2006


>>>>> "SN" == Stefan Neufeind <fedora-legacy at neufeind.net> writes:

SN> - To what degree would a newer version be allowed without the
SN> backporting-hassle?

That would be up to the maintainer.  Extras has never promised
stability in the same way that Core (or Legacy) has and it certainly
isn't going to be up to the Extras security team to tell the
maintainers what they can do.  Of course everyone should expect that
maintainers won't arbitrarily break everyone's systems with
incompatible updates; that just isn't within the scope of the security
team.

SN> - How about joining forces with Fedora Legacy?

There is a small amount of natural overlap for those packages that
move from Core to Extras, and of course all assistance from any side
is appreciated.  But it's important to note that there is a
fundamental difference in how the teams operate: Legacy is actually
doing the fixing, while the Extras security team exists to help the
maintainers and actually fixing packages is a last resort when the
maintainer is unresponsive.  In that role the Extras security team
could certainly facilitate communication between the maintainers and
the Legacy team when it makes sense.

 - J<



