-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On Fri, May 23, 2014 at 10:16:41AM -0400, Matthew Miller wrote:
On Fri, May 23, 2014 at 10:01:46AM -0400, Eric H. Christensen wrote:
I dislike the idea of a separate repo for ultra-critical updates. Once a fix is available for a vulnerability it should, IMO, be shipped as soon as possible. I know this doesn't fit into the Microsoft model or our model of community testing but really as soon as you go public with a fix you've also just notified all the "bad guys" out there to the vulnerability and exactly how to exploit it. It's a race condition at that point.
I'm not sure I follow here. What do you dislike? This isn't meant to be a hidden repo -- it's the "ship as soon as possible!" repo, so it sounds like you're agreeing.
I guess I don't understand the need for the extra repo. Why not just push it to fedora-updates?
- --
- -------------------------------------------------- Eric "Sparks" Christensen Fedora Project
sparks@fedoraproject.org - sparks@redhat.com 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1 - --------------------------------------------------