Re: The new Update Acceptance Criteria are broken

On Fri, 12 Nov 2010 12:02:03 -0800
Adam Williamson <awilliam@xxxxxxxxxx> wrote:

> On Fri, 2010-11-12 at 14:54 -0500, Simo Sorce wrote:
> 
> > Adam, why should security updates wait at all?
> > Do you fear some packager will flag as security updates that are
> > not? Surely we can deal with such a maintainer if that happens...
> 
> I don't have a hugely strong opinion either way, but the stated reason
> by those who do is that security updates can be broken just like any
> other. We don't have a magic 'infallible' switch on packagers which we
> toggle only when they're building a security update. :)

Oh sure, I don't doubt that. But in this case we need to deal with the
lesser evil.
Is it more important to close a security bug with a (small) risk of
breaking a package?
Or is it more important to (try to) test it and leave our users exposed
for a long time to a security threat?

If we are not comfortable with treating all security issues the same we
can have a flag that skips testing only for "remote exploit" type of
security issues. That will reduce the number of exceptions to the most
dangerous cases.

What do you think?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York