On Thursday 09 September 2004 11:23 am, David Botsch wrote: > I do tend to think we should try and not release broken packages. That is > something that annoys lots (myself included) when RedHat releases a package > that breaks something critical (such as process accounting). > > I would propose the following: > > after two PUBLISHes, the package goes to updates-testing as current > > If this is a critical hole (say, a remote exploit), we immediately release > the package to updates > > If the hole is not as critical, then we go through the normal QA process. > Two VERIFYs are after some period of time (say one week) with no > objections, the package goes to updates > I think that's a good idea. If people are concerned that a package isn't going to get enough QA, then request 5 VERIFYs and then immediate release to updates. There will be more than enough people willing to VERIFY a package if it's a remote exploit. - Si > > -- > > > > fedora-legacy-list@xxxxxxxxxx > > http://www.redhat.com/mailman/listinfo/fedora-legacy-list -- Simon Weller LPIC-2, BCIP Systems Engineer NZServers LTD http://www.nzservers.com/ U.S. Branch <- To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it. - Scott Granneman, Security Focus -> -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
