On Tue, 2004-02-10 at 14:33, Bart Martens wrote: > I fully agree with you that (security) updates must be thoroughly tested > before they are released in Fedora Updates. However, as already > explained in this thread by others, security updates must not be > publicly tested. And why is that? Security updates, like any updates deserve the right to be publically tested. After all, they are publically disclosed; the public should have the right to test it. > By suggesting to use Proposed Fedora Updates for security updating, you > suggest the average user to use all packages in Proposed Fedora Updates. > You said it, "what happens when updates-testing software breaks your > production environment". :-) Security updates *can* break your production environment. I've known of places where there are many workstations (like at universities) where a certain lot of machines get security updates, and about three days later do the rest get the updates; this in lieu that if the security update does break something, only a certain lot of machines (in a lab) get borked. > Let's not confuse/mix security updates with other updates. Fedora needs > people in the non-public groups addressing security issues, to get > security updates released in Fedora Updates simultaneously with other > Linux distro's, without public testing. I don't know how Red Hat wants > this handed over to community people. All distros get security updates publically tested, before being pushed out in the mainstream. But I see where your argument is going - you're requesting for a Fedora Security Team. Something where a group test, and make sure the security update works. Fair enough, but I guess this is in a future fedora roadmap release =) -- Colin Charles, byte@xxxxxxxxxxx http://www.bytebot.net/ http://fedoranews.org/colin/fnu/ - Fedora News Updates
