Mailinglist Archive: opensuse-factory (1233 mails)

< Previous Next >
Re: [opensuse-factory] Re: Thoughts About the "Contrib" repository
  • From: Cristian Rodríguez <crrodriguez@xxxxxxx>
  • Date: Tue, 11 Nov 2008 12:24:38 -0300
  • Message-id: <4919A3B6.8080701@xxxxxxx>
Andreas Jaeger escribió:

What I
don't know yet is how the interaction should work.

Same here, In case I figure it out will suggest some steps ;)

We currently need to
have a Novell packager to answer these questions:
* how to handle security updates?

Im my opinion, these packages should go in _regular_ security
maintenance using the same process except for some changes

* We add some community man power to the security and maintenance team
(how? dunno)

* We either open SWAMP or create an alternative process to actually
deliver the updates (again, how ? no idea..)

* Packages get minor version updates when security issues appear, if
there is no minor version update and major version update are
incompatible or there are other dependant packages that will break,
create "backports" of fixes.


Some of these are confidential when
they get reported?

Issues are sometimes confidential for a while in order to allow vendors
to release fixes before it goes public... I think is not possible to
force volunteers to deliver a fix in a certain number of days/weeks,
considering they work in their spare time..


* how to handle maintenance for enterprise products for these packages?

Awww.. this getting tricky.. :-)

--
"Divinity and Lust Are forever forbidden to meet"

Cristian Rodríguez R.
Platform/OpenSUSE - Core Services
SUSE LINUX Products GmbH
Research & Development
http://www.opensuse.org/


< Previous Next >
References