Problems with bodhi and security updates
Ville Skyttä
ville.skytta at iki.fi
Sun Jan 27 08:32:05 UTC 2008
Hi,
xine-lib 1.1.10, another recent xine-lib security release, was released
yesterday. I tried to get it shipped ASAP, but bodhi does not let me file a
request to push it directly to stable. All the "mark as stable" etc
functionality is visible in the UI, but when invoked, bodhi turns the request
into a testing one (including when it's already in testing!) and tells me
that it's waiting for security team approval.
So, the result is that if I had not marked the package as a security update,
it would be now in the updates repo. Now it's only in testing. Bodhi seems
to be entirely happy with requesting non-security updates directly to stable,
but security ones need to go through testing. To me this logic is the exact
opposite of what it should be (if we want to prevent pushing directly to
stable in the first place).
What am I expected to do now? Do I need to wait/watch when the security team
approval comes and then go try request it to be pushed to stable or will that
happen automatically? I'm tempted to revoke the current request and file it
again as a regular bugfix one so it could go directly to stable updates
ASAP... (only half kidding)
Also, there used to be a text box where I could enter the CVE numbers of
security issues fixed by an update. I don't see it any more, was it removed
on purpose?
More information about the fedora-devel-list
mailing list