Am Montag, den 22.05.2006, 08:40 -0500 schrieb Jason L Tibbitts III:
>>>>> "DG" == Dennis Gilmore
<dennis(a)ausil.us> writes:
DG> We have under a month to get FE3 up to scratch or support will be
DG> turned off.
Something sounds wrong with this.
Slightly.
I mean, FE3 has all sorts of
problems including unfixable broken dependencies
Is it that bad?
and somehow it's up
to us to meet some deadline for fixing problems there?
No! Only those that are interested it it. (see below)
Not that there's anything wrong with fixing security issues in
FE3,
but I don't understand why the onus is put entirely on us.
The concept was round about this:
Security Team starts working. It should track the current releases (e.g.
FE4 and FE5) (no that was never written down anywhere -- that was
probably obvious).
There were people (dgilmore, probably others) that wanted to keep FE3
alive. Some other people didn't like the idea, but we sort of had a
compromise: If the security team (or only parts of it, e.g. dgilmore,
others) track FE3 probably and fix open issues in an acceptable amount
of time (e.g they get the package maintainers to fix their packages or
someone else like dgilmore and/or the security team fixes it) then we
leave FE3 open in "Maintenance state".
This was the proposal we agreed on (the last para is the important one
for this discussion):
=== EOL.
When a Fedora Core release reaches Maintenance state (such as Fedora
Core 3 reached when Fedora Core 5 Test 2 was released), the
corresponding release of Fedora Extras will also enter a Maintenance
state. In this state maintainers will be allowed to issue updates to
existing packages, but Maintainers are strongly urged to only issue
severe bugfix or security fixes. New software versions should be avoided
except when necessary for resolving issues with the the current version.
Branches for new packages in CVS are not created for Distributions
that are in Maintenance state. FESCo can approve exceptions of this rule
if there are good reasons for it. The official package maintainers are
urged to fix their packages also for Distributions that are in
Maintenance state. They should work hand in hand with the "Security
Response Team" in case they don't have access to older
distros anymore to test their updates.
When the Fedora Project drops support for a Fedora Core release the
corresponding Fedora Extras is also dropped -- read this as
"End-of-life, no new updates,support for that EOL distro will be removed
from the Extras buildsys".
The EOL Policy depends on the creation and a working Security Response
Team and especially the part of it that "will lend assistance as needed"
if the maintainer is unable to fix the package -- if that group does not
start working properly until June 15 2006 we'll send out a EOL for
Fedora Extras 3 -- means: "Packagers can still update things in cvs and
build updates for now, but the official state of Fedora Extras 3 is
'unsupported and End of Life'". In that case we'll try to improve for
FE4 and later.
Hope that clarifies some things.
CU
thl
--
Thorsten Leemhuis <fedora(a)leemhuis.info>