Re: Thunderbird bz 579023 still not fixed even though there is an upstream fix available

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2010-04-29 at 10:58 -0700, Christopher Aillon wrote:
> I really think that as a project, we'd be doing a lot better if we 
> mandated upstream review before applying patches to any package if you 
> aren't an upstream maintainer of the code.  As it is now, it's somewhat 
> scary to think how many packagers would take a bugfix patch and apply it 
> without being able to figure out if there's a potential hidden exploit 
> in it...

Review, perhaps, but not approval.  Fedora and upstream are independent
organizations each pursing their own goals.  Trademarks aside, Fedora
shouldn't be bound by upstream decisions any more than upstream is bound
by our packaging guidelines or obliged to accept patches to comply with
them.  For comparison, disapproval from upstream libpng sure didn't stop
Mozilla from patching libpng with APNG support.

And the relevant qualification for a reviewer is knowledge of the code,
not affiliation with upstream.

-- 
Matt

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux