[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Problems with bodhi and security updates


xine-lib 1.1.10, another recent xine-lib security release, was released 
yesterday.  I tried to get it shipped ASAP, but bodhi does not let me file a 
request to push it directly to stable.  All the "mark as stable" etc 
functionality is visible in the UI, but when invoked, bodhi turns the request 
into a testing one (including when it's already in testing!) and tells me 
that it's waiting for security team approval.

So, the result is that if I had not marked the package as a security update, 
it would be now in the updates repo.  Now it's only in testing.  Bodhi seems 
to be entirely happy with requesting non-security updates directly to stable, 
but security ones need to go through testing.  To me this logic is the exact 
opposite of what it should be (if we want to prevent pushing directly to 
stable in the first place).

What am I expected to do now?  Do I need to wait/watch when the security team 
approval comes and then go try request it to be pushed to stable or will that 
happen automatically?  I'm tempted to revoke the current request and file it 
again as a regular bugfix one so it could go directly to stable updates 
ASAP... (only half kidding)

Also, there used to be a text box where I could enter the CVE numbers of 
security issues fixed by an update.  I don't see it any more, was it removed 
on purpose?

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]