On Wed, Nov 14, 2018 at 05:09:18PM -0500, Matthew Miller wrote: > On Wed, Nov 14, 2018 at 09:54:45PM +0000, Zbigniew Jędrzejewski-Szmek wrote: > > > > The answer is "a lot". I don't think we have any hard numbers, but > > > > see https://pagure.io/fesco/issue/1935. Generally, it seems we can't > > > > process the CVEs we get now. > > > > "This result was limited to 1000 bugs." → that's just for CVEs. > > > What happens if we limit that to a smaller subset, though? > > What do you mean? > > There are zillions of CVES across all of the packages in the entire Fedora > collection. How many are there against, say, the subset used for the IoT > spin (and potential future edition)?
bluez, nginx, systemd, mysql, gdb, bzip2, openjpg, imagemagick, shutter, exiv2, libexif, libkdcraw, glibc, php, busybox, tcpdump, bintuils, that's from the top of the list. I love Fedora, but the idea that you can take a 3 year old Fedora and put it out on the web is just bonkers. We don't have the manpower and the procedures to make Fedora suitable for this kind of use. We *could* change what Fedora is, by making it stable and long-lived, but at least I would then find a different distro to hack on. Zbyszek _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
