| 1 |
Daniel Ostrow wrote: |
| 2 |
>> You are correct, there is no clear cut place for them to go...that's how |
| 3 |
>> this thing got started in the first place. However why force users to |
| 4 |
>> sign up for something which can't be appropriately filtered (installed |
| 5 |
>> packages, keywords, use flags, profiles, etc.) when all of them are |
| 6 |
>> already "signed up" for something that can track and filter, portage. |
| 7 |
>> |
| 8 |
>> I wouldn't necessarily bother signing up for an errata list if said list |
| 9 |
>> was going to provide me with *all* the errata out there. The reason that |
| 10 |
>> a mailing list works for RedHat is because RHN tracks what packages you |
| 11 |
>> have installed on your system on *their* server (again something you |
| 12 |
>> have to sign up for, and worse send them info about your configuration), |
| 13 |
>> so the filtering is done for you. We will *never* do something like |
| 14 |
>> this, we have a client side tool that can identify what is installed |
| 15 |
>> already...why not use it? |
| 16 |
|
| 17 |
What if an admin just wants to see all errata messages because (s)he |
| 18 |
doesn't feel like aggregating the unique messages from a whole cluster |
| 19 |
of machines running Gentoo with all different packages installed? |
| 20 |
|
| 21 |
It is a well-known fact that removing seemingly useless background noise |
| 22 |
can cause relations between problems not to be recognised. Some users |
| 23 |
know that and hence would like to see all errata. |
| 24 |
|
| 25 |
Our GLSAs are sent out exactly in the same way, but there is not a word |
| 26 |
on them in the GLEP, neither does anyone seem to care about them, while |
| 27 |
they seem to me at least ***VERY*** important, that is, much more |
| 28 |
important than a message about breaking my installation. And they |
| 29 |
aren't even personalised! |
| 30 |
|
| 31 |
Users don't care about security[1], adminstrators do. |
| 32 |
Administrators don't care about breaking installations[2], users do. |
| 33 |
|
| 34 |
About the RHN subscription thing, that service is IMHO quite expensive |
| 35 |
(certainly not free) and not available to Fedora Core users. I don't |
| 36 |
think you _want_ to compare Gentoo Linux Free support to support |
| 37 |
provided by commercial entities for an annual membership fee. |
| 38 |
|
| 39 |
|
| 40 |
The issue whether news or GLSAs are important and whether they can be |
| 41 |
read or not is of relevance with regard to the motivation of the GLEP |
| 42 |
which assumes it doesn't work for anybody, while I claim it 1) doesn't |
| 43 |
work because the information is hard to find and 2) it will work for a |
| 44 |
certain group of people very well if the information would be there. |
| 45 |
|
| 46 |
To conclude my far too lengthy replies here: |
| 47 |
I'd like to see some recognition that the world isn't that flat as the |
| 48 |
GLEP suggests, thereby including opportunities for everyone to be happy |
| 49 |
with the GLEP. I already stated this in my first reply in my part on |
| 50 |
"use-scenarios". |
| 51 |
|
| 52 |
Don't worry I'll shut up now as there is clearly no interest for a bit |
| 53 |
broader thinking. |
| 54 |
|
| 55 |
|
| 56 |
[1] (linux) desktop users are of a much lower target than big companies |
| 57 |
for security exploits |
| 58 |
[2] administrators try out package upgrades on a spare box first, users |
| 59 |
usually don't have such box, or risk the potential impact |
| 60 |
|
| 61 |
|
| 62 |
-- |
| 63 |
Fabian Groffen |
| 64 |
Gentoo for Mac OS X Project -- Interim Lead |
| 65 |
|
| 66 |
-- |
| 67 |
gentoo-dev@g.o mailing list |
Archives