What Fedora makes sucking for me - or why I am NOT Fedora

Kevin Fenzi kevin at scrye.com
Wed Dec 10 16:55:50 UTC 2008 

On Wed, 10 Dec 2008 01:22:12 +0100
kevin.kofler at chello.at (Kevin Kofler) wrote:

> Colin Walters wrote:
> > Just to be clear, the direct push into stable is my fault; not Red
> > Hat's or other DBus developers or anyone else's.  I had originally
> > listed it for updates-testing, but then changed the update to
> > security and in a moment of total stupidity also changed the
> > listing for stable.
> 
> Are you sure you were the one who requested the push to stable and
> not the security team (when they gave their approval for the security
> update)?

The security team doesn't change where the update is set to go to. 

> I'm asking because the way Bodhi is set up, I think the security team
> does not see where you actually intend security updates to be pushed
> to, they all show up as requests for testing until they get approval,
> and somehow they automatically get queued for stable on approval
> unless explicitly canceled.

That may be the case, but it's bodhi doing that, not the security team. 
We should confirm this behavior/fix it. 

> All this was so much simpler and more obvious before that useless
> security team approval step was introduced (without really consulting
> packagers outside of the security team). :-( What benefit does that
> approval step bring us? It's obviously not QA or this update wouldn't
> have ended up in stable!

Security team checks the update for correctness with respect to CVE(s)
fixed, that there is a tracking bug filed against the update, that it
has some information about what the vulnerability is either in the
update text or in the bug, that it points to upstream info about the
bug, etc. 

There has been some talk of removing this step, but I think it's
usefull for the above reasons. I have seen security updates come in
with no bug attached, no CVE, and text of 'security update'. This is
not usefull to our users, IMHO. I might be in a minority here tho, so
perhaps the step should be removed. 

> 
>         Kevin Kofler
> 

kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20081210/238fab62/attachment.sig>

More information about the fedora-devel-list mailing list