On 04/27/2010 02:55 PM, Kevin Kofler wrote:
> I think that, sure, we should try to get patches upstreamed, but I don't see
> why we'd need to wait for their approval before applying them, other than
> due to the aforementioned trademark bureaucracy.

You really don't see the value in having the engineers that own the code give technical review?

> Firefox and Thunderbird are the ONLY high-profile packages in Fedora working
> that way, and there must be very few packages in Fedora being maintained in
> this style.

Getting sign-off is standard practice for the kernel too. Maybe we should drop that package?

Anyway, it's unfortunate that this really isn't done more often. I really think that as a project, we'd be doing a lot better if we mandated upstream review before applying patches to any package if you aren't an upstream maintainer of the code. As it is now, it's somewhat scary to think how many packagers would take a bugfix patch and apply it without being able to figure out if there's a potential hidden exploit in it...

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel