Re: Linux Core Consortium
On Fri, 2004-12-10 at 10:07 +0100, Wouter Verhelst wrote:
> If this is what's going to happen, then the first time a security fix
> comes along in one of those binaries the system suddenly isn't
> LCC-compiant anymore (due to the fact that different distributions
> handle security updates differently -- one backports fixes, the other
> throws in the newest upstream release).
Because the LCC is developed collaboratively by the distros that use it,
this won't happen--the security fix will be applied to the LCC core,
and the distros that are based on the LCC will incorporate the result
in a uniform, consistent manner. In other words, there will be a single
security update policy, not divergent ones for each LCC-based distro.
> It'll also severely hurt a distribution's ability to easily update to
> the newest upstream, or even to release when it's ready (but the next
> version of the LCC for some reason isn't).
The LCC core will be reproducible from source, so if a distro wishes
to do something differently, it may do so--though at the risk of losing
certifications (and the ability to call it LCC-based, since it won't
be, by definition, as long as its core is different from the LCC core).
"All men dream: but not equally. Those who dream by night in
the dusty recesses of their minds wake in the day to find that it was
vanity: but the dreamers of the day are dangerous men, for they may
act their dreams with open eyes, to make it possible." -T.E. Lawrence