Hints for working with CVEs?

Jason L Tibbitts III tibbs at math.uh.edu
Fri May 5 15:35:26 UTC 2006


>>>>> "DG" == Dennis Gilmore <dennis at ausil.us> writes:

DG> My question is should I have filed a bug anyway so that we have a
DG> public record that the issue had been fixed?

I think that there's no point in filing bugs about things which have
already been fixed, especially now when we're just getting started.
However, if the fixed package is not at your local mirror then you
should definitely open a ticket.

The fact that changes had been committed doesn't mean that a build was
requested, or that it has succeeded.  The packager may be unable to
request builds for whatever reason (which has happened before with
clamav; I ended up doing it).  The package could even be built and
sitting in the queue awaiting someone with the signing key to do their
thing.  (In the latter case, we should ping the list of package
signers, the name of which I have now forgotten but which needs to get
into the wiki ASAP.)

 - J<



