On Mon, 2004-02-09 at 18:15, lwj wrote: > > No, "testing" is not the place for security updates. When the security > > updates are released for rh9, the security updates for fc1 should > > already have gone through "testing", and be released to the public. > > > > Maybe I don't understand but I thought Fedora was a community project. > If Redhat does all the work then it would really be a Redhat project. > I suspect that even as a community project it is still a lot of work for > the Folks at Redhat. It is normal that security issues should be dealt with in small non-public groups, to prevent exploits. As I have understood in this thread, Red Hat still does this. I assume that over time, voluteers/community/outsiders should take over. > Furthermore, I suspect that many of the folks there > are donating their own time to making this project successful and for > that my hat's off to them. Very true. Especially from the fedora.us part of the Fedora Project, loads of input is coming from volunteers. Also, the merger gets quite some attention, attracting more new voluteers. The challenge is to keep them all, and have them work in the same direction, to make Fedora better than just fedora.us+rh9. Essential in this challenge (to come back to the subject) is that the security level must be at least the level of Red Hat 9. Ambitious? Yes! The concern about security appearing on this mailing list is good and should even be encouraged. The loudest whiners should be put to work. :-)
