On Sun, 2007-06-03 at 15:49 -0400, Luke Macken wrote: > On Sun, Jun 03, 2007 at 02:32:29PM -0500, Josh Boyer wrote: > > On Sun, 2007-06-03 at 15:31 -0400, Luke Macken wrote: > > > On Sun, Jun 03, 2007 at 06:10:40AM -0400, Luke Macken wrote: > > > > On Sat, Jun 02, 2007 at 05:06:25PM -0400, Tom Lane wrote: > > > > > Luke Macken <lmacken@xxxxxxxxxx> writes: > > > > > > Once we agree on a policy, I can implement it. I've heard some people > > > > > > suggest letting updates sit in testing for 7 days, and if there are no > > > > > > complaints, then they can be pushed to the stable repo. This sounds > > > > > > fine to me, what does everyone else think? > > > > > > > > > > <cough>zero-day security patches</cough> > > > > > > > > Security updates go straight to Stable already. > > > > > > ... but will soon require an approval from a member of the security team > > > before they hit any repo. Core security updates currently require > > > approval from the Red Hat security response team. With F7, it will > > > require approval from a member of the Fedora security response team. > > > > Erm... wait. Where (other than this email) was that discussed? > > It was discussed between some members of the Fedora Security > Response Team, and was suggested by the Team Lead, Josh Bressers. > > This approval mechanism has yet to be implemented in bodhi, and I think > should require an ACK from the board/FESCo before it does. Agreed. Thanks for the clarification Luke. Let's get this added to the FESCo schedule. Could Josh Bressers perhaps attend when it gets discussed? josh -- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers -- Fedora-maintainers-readonly mailing list Fedora-maintainers-readonly@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly
