Security fixes in Extras
Josh Boyer
jwboyer at jdub.homelinux.org
Fri Jan 13 21:15:46 UTC 2006
> Because I maintain a package (denyhosts) which contains a daemon that
> runs continuously as root, the issue of how to handle security fixes
> for packages in extras interests me greatly.
>
> Some questions:
>
> Is there any defined procedure for handling security fixes?
No.
> What if the maintainer is out of pocket?
Others with CVS access should make the fix in cases like this.
> If I need to push a security fix, is there a way to jump ahead in the
> build queue and expedite the sign and push process?
Not that I know of. Expediting the sign/push process could be done by
asking someone with access to the buildsys to do the push I suppose.
> Is there somewhere I could send an update announcement?
Here is the best place I think. There is no fedora-extras-announce list.
Now the real question is, should there be some sort of defined policy for
security fixes?
josh
More information about the Fedora-maintainers
mailing list