On 3/8/07, Patrice Dumas <pertusus(a)free.fr> wrote:
On Thu, Mar 08, 2007 at 04:20:32PM -0600, Mike McGrath wrote:
> Fedora extras supports a lifecycle that is less than two years.
> Typically about 1 year. EPEL is different, requiring many years. If I
> release nagios 2.7 right now in EPEL (which I have), I'll still be
> maintaining it in 2010[1]. At which point in time nagios might not even
> exist anymore, or it could be at version 5.3. The fact is there is NO
> way you're going to get me to do backports of it if a vulnerability is
> found. Its just not going to happen, mostly because I'm a terribly
> crappy programmer. Packagers != programmers. Backporting requires
> skilled labor which not everyone (including myself) will be able to do
> for antient packages (which nagios 2.7 will be by 2010).
Then maybe nagios isn't right for EPEL main, but better suited for
EPEL 'plus'? Anyway it is not necessarilly you who will do the backport.
Maybe you know that there are debian people who fix the security bugs,
maybe there are people interested in the package, but not in fedora/RHEL
who are willing to keep old versions. (by the way nagios is an app,
isn't it?).
What package are you going to say that you will support for the next 7
years for multiple releases of RHEL [say 2.1,3.8,4.x,5.x with 7 years
for 5.x?]
--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"