On Wed, 20 Apr 2011 11:02:12 +0300
Axel Thimm <Axel.Thimm@xxxxxxxxxx> wrote:
> On Tue, 2011-04-19 at 11:05 +0200, Michael Schwendt wrote:
> > You've tried to select "stable" as the target already when
> > submitting the updates, and bodhi rejected that. With the CVEs
> > mentioned for Mediawiki, why didn't you choose "security" instead
> > of "stable"?
>
> But I did. All packages are marked as "security updates" in their
> "type". As a target ("request") you only have the choice "testing" or
> "stable" (and "none"). There isn't any from that mentions "security"
> and "stable".
Right. Security updates aren't allowed to just go direct to stable
either.
> E.g. the packages are marked as security updates and whatever the
> cause, autoqa, missing karma, missing time, for some reason (partly
> undisclosed as mentioned in my post yesterday) bodhi rejects them.
> IMO if the packager marks the package as as security update bodhi
> should stay out of the way and allow a human to decide on pushing the
> update or not. ATM bodhi cuts me off the pushers.
Sadly, this is not practical.
Several points to note:
The various update streams flow differently. For a normal day,
EPEL4/5/6 might have about 2-20 updates. It might be practical to look
at all these for a quick glance. f14 (updates and testing) has around
30-50ish. f13 has around 5-20, and f15 has too many to even count. ;)
It's just not at all practical to have the people signing the updates
look at each one for critera.
We have had security updates that caused considerable problems. If the
update is an important one, enlist users of that software to help test
and +1 it.
kevin
Attachment:
signature.asc
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
