On Fri, September 23, 2005 3:21 am, Jesse Keating said: > On Fri, 2005-09-23 at 08:07 +0300, Pekka Savola wrote: >> I suggest changing the policy so that packages in updates-testing >> which haven't got any VERIFY votes could: >> >> - after 2 weeks, marked with a timeout >> - after the timeout of 4 weeks [i.e., 6 weeks total] be >> officially published >> >> (And rp-pppoe and squid currently in updates-testing could be released >> immediately upon the acceptance of this policy.) > > If nobody else has a (reasonable) objection, I'm inclined to agree with > this. > I'll second (third?) that. If there isn't a large enough user base for a package that we can get verifies, I think that releasing the security fix after a timeout is a good thing. We may need stipulations for this for more 'critical' packages (kernel, glibc, etc. come to mind), but those usually have quite a bit of interest and therefore get tested more extensively. -Jeff -- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
