Round-up, 2004-09-09

Simon Weller simon at nzservers.com
Thu Sep 9 16:27:23 UTC 2004


On Thursday 09 September 2004 11:23 am, David Botsch wrote:
> I do tend to think we should try and not release broken packages. That is
> something that annoys lots (myself included) when RedHat releases a package
> that breaks something critical (such as process accounting).
>
> I would propose the following:
>
> after two PUBLISHes, the package goes to updates-testing as current
>
> If this is a critical hole (say, a remote exploit), we immediately release
> the package to updates
>
> If the hole is not as critical, then we go through the normal QA process.
> Two VERIFYs are after some period of time (say one week) with no
> objections, the package goes to updates
>
I think that's a good idea. If people are concerned that a package isn't going 
to get enough QA, then request 5 VERIFYs and then immediate release to 
updates. There will be more than enough people willing to VERIFY a package if 
it's a remote exploit.

- Si


-- 
Simon Weller LPIC-2, BCIP
Systems Engineer
NZServers LTD
http://www.nzservers.com/
U.S. Branch

<-
To mess up a Linux box, you need to work at it; to mess up your Windows box, 
you just need to work on it.
 - Scott Granneman, Security Focus
->




