Re: Thunderbird bz 579023 still not fixed even though there is an upstream fix available

On 04/27/2010 02:55 PM, Kevin Kofler wrote:
> I think that, sure, we should try to get patches upstreamed, but I don't see
> why we'd need to wait for their approval before applying them, other than
> due to the aforementioned trademark bureaucracy.

You really don't see the value in having the engineers that own the code 
give technical review?


> Firefox and Thunderbird are the ONLY high-profile packages in Fedora working
> that way, and there must be very few packages in Fedora being maintained in
> this style.


Getting sign-off is standard practice for the kernel too.  Maybe we 
should drop that package?

Anyway, it's unfortunate that this really isn't done more often.  I 
really think that as a project, we'd be doing a lot better if we 
mandated upstream review before applying patches to any package if you 
aren't an upstream maintainer of the code.  As it is now, it's somewhat 
scary to think how many packagers would take a bugfix patch and apply it 
without being able to figure out if there's a potential hidden exploit 
in it...
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
