Extras Security Policy

Michael Schwendt bugs.michael at gmx.net
Thu Sep 8 21:46:55 UTC 2005

On Thu, 08 Sep 2005 19:30:11 +0300, Ville Skyttä wrote:

> On Thu, 2005-09-08 at 18:10 +0200, Ralf Corsepius wrote:
> > On Thu, 2005-09-08 at 16:01 +0200, Michael Schwendt wrote:
> > > If at all => bugzilla!
> > As long as maintainers treat bugzilla as /dev/null, and do not react
> > upon notifying them on PM, this is not a solution.
> Examples?  Public humiliation could help ;)

Exactly. We are aware of a very few packagers, who have sent their regrets
for a period of inactivity, but if there should be new names or packages
on the list, raising awareness of such incidents could help.

> > > Rather than "any packager touching any package", I'd prefer official
> > > co-maintainers who divide the package maintenance efforts and take
> > > care of a package beyond occasional security patches.
> That can be already done by just agreeing between the folks who want to
> co-maintain a package and eg. adding the maintainers' addresses to
> initialcclist in owners.list/Bugzilla if so desired.
> > And I'd suggest a "task force" with "card blanche" access to all packages.
> +1

This task force exists already in an unofficial form, albeit without any
duties (so they are not required to be grunts who straighten out issues
with arbitrary packages maintained by others). Basically, it's the
sponsors who may close gaps, touch and update orphaned packages, issue
updates when somebody is away, rebuild arbitrary packages to stay in sync
with GCC or ABI updates, but who respect package ownership nevertheless
(which means for example to not dictate spec file formatting or major
rewrites not discussed with an official package owner).

More information about the fedora-extras-list mailing list