[OpenAFS] OT: on the necessity of following vendor updating policy (was: testing RPMs for 1.4.2)

Axel Thimm openafs-info@openafs.org
Sat, 14 Oct 2006 03:29:42 +0200

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Oct 13, 2006 at 09:01:30PM -0400, Derrick J Brashear wrote:
> On Fri, 13 Oct 2006, Axel Thimm wrote:
> >o If you want to run Fedora Core, you need to keep up with the pace of
> > it. If you cannot there are RHEL and clones and other enterprise
> Actually, I signed no agreement, binding or otherwise, which said so.

That's not about any legal binding in any direction between the vendor
and the end-user, it's common sense. You didn't sign any agreement on
not periodically posting your system passwords, too, but I'm sure
you're not doing that, right?

> > your environment. Allowing security vulnerabilities to creep into a
> > large environment by design (e.g. by chosing a platform that you
> > cannot maintain as the vendor requires you to) should be
> They are no more a vendor than we are,

Fedora and the platform component it offers has a well defined vendor,
as well as a well defined vendor given "support" of the distribution
including security updates and EOL policies.

> and when you tell me how to get people to stop running OpenAFS
> 1.2.10, I'll buy you a (tasty beverage of your choice) and until
> then, I will laugh at you and just drink the tasty beverage I have
> in my hand myself (a stout from West Virginia Brewing Co)

It's not my mission to convert anyone to use anything. For openafs
legacy users it is openafs' job to educate its users, for Fedora it's
Fedora's job, both are trying their best in doing so.

The recommendation to keep on with the vendor security updates
(whoever this vendor is) still holds. If some users don't follow the
advice it's their fault if they find themselves filling they beer
glass with their teers and a frozen laughter in their face.
Axel.Thimm at ATrpms.net

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.4.5 (GNU/Linux)