John Summerfield wrote:
This 'centosfix' concept could be stretched to fix some other packages with known problems until upstream gets them fixed. And is a deliberate opt-in from users that need them (and understand the risks).
We discussed this earlier as well, and till yum-security is functional on c4/c5 it looks unlikely to happen.
That seems moderately sensible, but it should be defined in the standard CentOS release files. As should testing and fasttrack.
I disagree. Deliberate opt-in requires people to read about the potential hole they are going to jump into. At the moment, if you don't know about them, you don't use them - you stick to what's in the distro, and therefore get the QA benefits, and you get what everyone-else-also-has.
For major updates and changes, there is CentOSPlus, which is included in the definitions already.
So neither testing nor fasttrack should be included in the default repositories setup on install (even if they are left disabled).