Extras Security Policy

Christian.Iseli at licr.org Christian.Iseli at licr.org
Thu Sep 8 11:40:00 UTC 2005

rc040203 at freenet.de said:
> And we all missed libcddb+libcdio soname screwup ca. 4 weeks ago, as well as
> we missed the C++-ABI breakage which recently occurred with some package (I
> don't recall which it was), as well as we all let many spec changes and
> package update pass without any QA. 

Yes, we miss things.  But I don't think long rules and processes will help
much.  As things stand, there are already quite a few unreviewed packages in 
bugzilla.  I'd hate to see the list if FE required all changes to pass through 
a similar QA process.

On the other hand, everything is out there, opened, in the CVS.  Nothing 
prevents any motivated volunteer to go ahead and fix a security issue in any 
package.  Sure, it'd probably be considered "impolite" by some.  Maybe we need 
a simple rule that says "Security patches can be applied by any maintainer on 
any package, in a first come first served basis, with proper advertisement on 
the FE list" or some such...


More information about the fedora-extras-list mailing list