so, we've got FC2 now...
Matthew Miller
mattdm at mattdm.org
Tue Apr 12 15:02:50 UTC 2005
On Tue, Apr 12, 2005 at 05:14:26PM +0300, Pekka Savola wrote:
> So.. Why do we want these bugs? If Fedora didn't fix them while they
> had the responsibility, they surely shouldn't be shorned in our
> direction either ?
Um, because some of them are security bugs that they never got around to
fixing. That's kind of annoying (Fedora security process definitely seems to
be disturbingly low priority -- see the perl-suid buffer overflow trivial
root exploit, for example) but I don't really care whose responsibility it
ought to be, since there are people who are depending on us to make
available patches to secure their systems.
I think all the non-security FC2 bugs should be closed as WONTFIX, with the
note:
"Fedora Core 2 is now maintained for security updates only by the Fedora
Legacy project. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC4 test release, reopen and change the
version to match."
But I am a bit reluctant to do this to 1100+ bugs without some general
agreement that this is a good idea.
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
More information about the fedora-legacy-list
mailing list