developing the "critical updates repo" plan
Eric H. Christensen
sparks at fedoraproject.org
Fri May 23 15:13:05 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Fri, May 23, 2014 at 10:16:41AM -0400, Matthew Miller wrote:
> On Fri, May 23, 2014 at 10:01:46AM -0400, Eric H. Christensen wrote:
> > I dislike the idea of a separate repo for ultra-critical updates. Once a
> > fix is available for a vulnerability it should, IMO, be shipped as soon as
> > possible. I know this doesn't fit into the Microsoft model or our model of
> > community testing but really as soon as you go public with a fix you've
> > also just notified all the "bad guys" out there to the vulnerability and
> > exactly how to exploit it. It's a race condition at that point.
>
> I'm not sure I follow here. What do you dislike? This isn't meant to be a
> hidden repo -- it's the "ship as soon as possible!" repo, so it sounds like
> you're agreeing.
I guess I don't understand the need for the extra repo. Why not just push it to fedora-updates?
- --
- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks at fedoraproject.org - sparks at redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJTf2V/AAoJEB/kgVGp2CYvEHoMAI2aV5YFzi29DxN0Hzsw8m/v
EBWmze1DDb6yvatSpuLxmhMbaGPXbvy3dtKSZOf7o7fcYBomEbAtymLlzYOEggH0
P2iccuKC5L41xCYlbTjDH9sAfP1/I5rH2fXnvRq6s/Pj5uygIUoWuEPRBxyvCkBt
HWBCS/BXQ6D3zaO3IEiATuyyfGSOfqED3whYS8ShJnQAPpcXIz5fEqv0m3EHa+s1
YS7SJtmMqrB4EjggS1MCOZaNOHxBBAP4ETHxCTopKx4qdDBIwv65BcL1OOeTi8I9
h+/5J6CJ0308HjQphm+LKfX09IN4UjeZmfNmYE1ZQPV24K4J4I8O/NaIhA8P9qvE
XBD8TWCNtjiSL/ra6UHYDUXg7vXNVFIYZS1NoC2MGkwb0cUISVjXfSQYbEOQE+yd
Z4SHzHLh7Opjw8eOL60Bw5SbdfG2zZJyJJXY74WNTf8Z3LmCVa6inpNdQtdcfNcY
d+r5AwPnFZQT9Unq3/6eHbHQiEA8a/ulB3N8Ouzb8w==
=4zpT
-----END PGP SIGNATURE-----
More information about the security
mailing list