On Thu, Apr 29, 2010 at 9:58 AM, Christopher Aillon <caillon@xxxxxxxxxx> wrote:
> Anyway, it's unfortunate that this really isn't done more often. I
> really think that as a project, we'd be doing a lot better if we
> mandated upstream review before applying patches to any package if you
> aren't an upstream maintainer of the code. As it is now, it's somewhat
> scary to think how many packagers would take a bugfix patch and apply it
> without being able to figure out if there's a potential hidden exploit
> in it...

The question is... is there a communication breakdown which let this
particular patch linger in the review process for too long? And if
so, what can 'we' do to address that breakdown?

It definitely seems there's recognition from Mozilla that something in
the communication broke down from this sidebar discussion at LWN:
http://lwn.net/Articles/385171/

The question I have is... do 'we' understand our role in driving
important issues up into upstream's review queue to make sure it gets
looked at in a timely way? It seems to me the review process worked
like it was supposed to here... but it just didn't get triggered in a
timely manner... partly because we didn't jump up and down about it
being important.

-jef
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel