On Thursday 08 January 2004 16:15, Warren Togami wrote: > http://www.fedora.us/wiki/PackageSubmissionQAPolicy > We need to discuss how to change this procedure for Legacy specific > packages. Post message to either "fedora-legacy-announce" or "fedora-legacy-devel" about a suspected vulnerability or bugfix that you'd like to fix. Use "FedoraLegacy Package Naming Guidelines" instead of generic fedora.us guidelines Fix the numbering scheme... 1,2,3,4,1,2,3,4 ? why start over? Move the signing from before the optional rpmlint to after the option rpmlint. 2 initial keywords. "updates-testing" or "updates", and "security" or "bugfix" to indicate what type of update it is. Change "fedora-package-announce" to "fedora-legacy-announce". > We also need to change the definition of "trusted" for Legacy > specific packages, along with the requirements for reaching the > "trusted" status. > > Thoughts? Trusted could be a term given to those developers who've put forth and followed through with a certain number of security fixes in packages. I'd say untrusted == 0-5, semi-trusted == 6-9, trusted == 10=+. A package can inherit it's trusted status from the developer who puts if forth. Now where we use the term or what it really means to the end users is yet another point of discussion. -- Jesse Keating RHCE MCSE (geek.j2solutions.net) Fedora Legacy Team (www.fedora.us/wiki/FedoraLegacy) Mondo DevTeam (www.mondorescue.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating
