1 |
Daniel Ostrow wrote: |
2 |
>> You are correct, there is no clear cut place for them to go...that's how |
3 |
>> this thing got started in the first place. However why force users to |
4 |
>> sign up for something which can't be appropriately filtered (installed |
5 |
>> packages, keywords, use flags, profiles, etc.) when all of them are |
6 |
>> already "signed up" for something that can track and filter, portage. |
7 |
>> |
8 |
>> I wouldn't necessarily bother signing up for an errata list if said list |
9 |
>> was going to provide me with *all* the errata out there. The reason that |
10 |
>> a mailing list works for RedHat is because RHN tracks what packages you |
11 |
>> have installed on your system on *their* server (again something you |
12 |
>> have to sign up for, and worse send them info about your configuration), |
13 |
>> so the filtering is done for you. We will *never* do something like |
14 |
>> this, we have a client side tool that can identify what is installed |
15 |
>> already...why not use it? |
16 |
|
17 |
What if an admin just wants to see all errata messages because (s)he |
18 |
doesn't feel like aggregating the unique messages from a whole cluster |
19 |
of machines running Gentoo with all different packages installed? |
20 |
|
21 |
It is a well-known fact that removing seemingly useless background noise |
22 |
can cause relations between problems not to be recognised. Some users |
23 |
know that and hence would like to see all errata. |
24 |
|
25 |
Our GLSAs are sent out exactly in the same way, but there is not a word |
26 |
on them in the GLEP, neither does anyone seem to care about them, while |
27 |
they seem to me at least ***VERY*** important, that is, much more |
28 |
important than a message about breaking my installation. And they |
29 |
aren't even personalised! |
30 |
|
31 |
Users don't care about security[1], adminstrators do. |
32 |
Administrators don't care about breaking installations[2], users do. |
33 |
|
34 |
About the RHN subscription thing, that service is IMHO quite expensive |
35 |
(certainly not free) and not available to Fedora Core users. I don't |
36 |
think you _want_ to compare Gentoo Linux Free support to support |
37 |
provided by commercial entities for an annual membership fee. |
38 |
|
39 |
|
40 |
The issue whether news or GLSAs are important and whether they can be |
41 |
read or not is of relevance with regard to the motivation of the GLEP |
42 |
which assumes it doesn't work for anybody, while I claim it 1) doesn't |
43 |
work because the information is hard to find and 2) it will work for a |
44 |
certain group of people very well if the information would be there. |
45 |
|
46 |
To conclude my far too lengthy replies here: |
47 |
I'd like to see some recognition that the world isn't that flat as the |
48 |
GLEP suggests, thereby including opportunities for everyone to be happy |
49 |
with the GLEP. I already stated this in my first reply in my part on |
50 |
"use-scenarios". |
51 |
|
52 |
Don't worry I'll shut up now as there is clearly no interest for a bit |
53 |
broader thinking. |
54 |
|
55 |
|
56 |
[1] (linux) desktop users are of a much lower target than big companies |
57 |
for security exploits |
58 |
[2] administrators try out package upgrades on a spare box first, users |
59 |
usually don't have such box, or risk the potential impact |
60 |
|
61 |
|
62 |
-- |
63 |
Fabian Groffen |
64 |
Gentoo for Mac OS X Project -- Interim Lead |
65 |
|
66 |
-- |
67 |
gentoo-dev@g.o mailing list |