Extras Security Policy
Christian.Iseli at licr.org
Christian.Iseli at licr.org
Thu Sep 8 11:40:00 UTC 2005
rc040203 at freenet.de said:
> And we all missed libcddb+libcdio soname screwup ca. 4 weeks ago, as well as
> we missed the C++-ABI breakage which recently occurred with some package (I
> don't recall which it was), as well as we all let many spec changes and
> package update pass without any QA.
Yes, we miss things. But I don't think long rules and processes will help
much. As things stand, there are already quite a few unreviewed packages in
bugzilla. I'd hate to see the list if FE required all changes to pass through
a similar QA process.
On the other hand, everything is out there, opened, in the CVS. Nothing
prevents any motivated volunteer to go ahead and fix a security issue in any
package. Sure, it'd probably be considered "impolite" by some. Maybe we need
a simple rule that says "Security patches can be applied by any maintainer on
any package, in a first come first served basis, with proper advertisement on
the FE list" or some such...
Christian
More information about the fedora-extras-list
mailing list