Extras Security Policy

Michael Schwendt bugs.michael at gmx.net
Thu Sep 8 14:01:20 UTC 2005

On Thu, 08 Sep 2005 13:40:00 +0200, Christian.Iseli at licr.org wrote:

> On the other hand, everything is out there, opened, in the CVS.  Nothing 
> prevents any motivated volunteer to go ahead and fix a security issue in any 
> package.  Sure, it'd probably be considered "impolite" by some.  Maybe we need 
> a simple rule that says "Security patches can be applied by any maintainer on 
> any package, in a first come first served basis, with proper advertisement on 
> the FE list" or some such...

If at all => bugzilla!

Security fixes may require version upgrades, and you don't want to
interfere with what the primary package maintainer may be preparing and
testing already while you go and modify his package.

That's a box you don't want to open.

Rather than "any packager touching any package", I'd prefer official
co-maintainers who divide the package maintenance efforts and take
care of a package beyond occasional security patches.

More information about the fedora-extras-list mailing list