I updated the Bodhi update in EPEL to the latest 6.7.0 security release last night. I just want to remind people that there remain only three days until EOL of 0.10.x, so I think we really need to make the cut-over today or tomorrow by providing karma to push the update to stable. It takes at least a day to make it to most mirrors. I wish we had a bit more time for this, but security updates seem to be coming at an accelerated pace lately. I missed Jim Perrin's original note about a Fedora Magazine post for EPEL and CentOS to link to (sorry about that, Jim), but I'll see if I can get something written up and published today. It's probably "too little, too late", but I'll at least provide the justification. Part of the reason I support making the cutover immediately is because the high-severity security updates from last night *also* impact 0.10.x and we don't have a meaningful way to deliver 0.10.47 to EPEL 7 right now (since the 6.7.0 package is in epel-testing). We either need to cut over to 6.7.0 or else withdraw that update, push the 0.10.47 update, wait for it to go stable and then reintroduce 6.7.0. This seems like a large amount of effort for very little benefit. (Apologies for stream-of-consciousness; I'm thinking this through as I type) I do see one alternative if we want to provide a little more time in testing for 6.x... we could do the above 0.10.47 release by pulling 6.x, *rush* that in by karma-cheating[*], put 6.7.0 back in updates testing and hold off on the cutover for X days or the next security release, whichever comes first. That's fairly convoluted and I'm not personally willing to do the work for it, but if someone wants to take over I'm game. [*] Setting karma requirements to 1 and having one of us hand-wave it.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
