releasing updates-testing packages without VERIFY votes
Jeff Sheltren
sheltren at cs.ucsb.edu
Fri Sep 23 11:35:14 UTC 2005
On Fri, September 23, 2005 3:21 am, Jesse Keating said:
> On Fri, 2005-09-23 at 08:07 +0300, Pekka Savola wrote:
>> I suggest changing the policy so that packages in updates-testing
>> which haven't got any VERIFY votes could:
>>
>> - after 2 weeks, marked with a timeout
>> - after the timeout of 4 weeks [i.e., 6 weeks total] be
>> officially published
>>
>> (And rp-pppoe and squid currently in updates-testing could be released
>> immediately upon the acceptance of this policy.)
>
> If nobody else has a (reasonable) objection, I'm inclined to agree with
> this.
>
I'll second (third?) that. If there isn't a large enough user base for a
package that we can get verifies, I think that releasing the security fix
after a timeout is a good thing. We may need stipulations for this for
more 'critical' packages (kernel, glibc, etc. come to mind), but those
usually have quite a bit of interest and therefore get tested more
extensively.
-Jeff
More information about the fedora-legacy-list
mailing list