Michael Cronenworth wrote:
> Fedora security updates are regularly given no testing and are pushed
> directly to stable. Perhaps you should classify your updates with a
> severity of security.
That doesn't work because security updates require security team approval
(another silly policy which was enforced despite almost everybody on the
devel list having been against it, only the security team itself wanted it)
and the security team will reject updates which are not actually security
updates. (They want to see a specific CVE and even reject updates which fix
potential security holes, asking them to be changed to regular bugfix
updates instead, unless you can show evidence for a concrete security hole.
For example, they had me change a qimageblitz update which fixed qimageblitz
requiring an executable stack on x86_64 from security to bugfix.)
Kevin Kofler
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
