Approvals for Security updates

Michel Salim michel.sylvan at gmail.com
Fri Sep 7 03:41:23 UTC 2007


On 06/09/07, Kevin Kofler <kevin.kofler at chello.at> wrote:
> Lubomir Kundrak <lkundrak <at> redhat.com> writes:
> > A week ago, there remained no time to discuss this on FESCo meeting, so
> > I was advised to post it here for comments: [1]
> >
> > [1] http://fedoraproject.org/wiki/LubomirKundrak/SecurityUpdateProcessDraft
>
> IMHO, you have to be careful that the approval process doesn't introduce excess
> delays because otherwise you'd encourage even more security updates not to be
> marked as such (and if you implement the automarking when a security bug is
> referenced, also missing Bugzilla references to avoid the security marking),
> which would be counterproductive.

How about retroactively reclassifying an update as a security update?
This would work, the only problem being that the Changelog of a
package initially unmarked would have no reference to CVE, unless the
reclassifying triggers a rebuild of the update.

-- 
Michel




More information about the fedora-devel-list mailing list