On Tue, Jan 21, 2014 at 4:32 PM, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
> On Tue, 21 Jan 2014 16:26:19 -0500
> Dan Scott <denials@xxxxxxxxx> wrote:
>
>> Hi:
>>
>> A few hours ago I submitted requests to push perl-MARC-XML directly to
>> stable (by filling out the "fedpkg update" request with type=security
>> and request=stable)
>
> You cannot push any update directly to stable.
>
> Security updates have to go through the same process as any other
> update.

Okay, then I'll remove the conflicting information from
http://fedoraproject.org/wiki/Package_update_HOWTO that says:

"If you feel that community testing is unnecessary for your update, you
can choose to push it straight to the stable fedora-updates repository
instead. Pushing directly to stable skips peer review and is strongly
discouraged!! Note that security updates follow a slightly different
process."

(and which led me to the security update process that assumes that the
packager is coming at this after the CVE has already been published and
the Security Response Team has already opened a bug, rather than the
packager him-or-herself proactively handling the issue).

Hmm. Why does the "fedpkg update" template even offer a "stable" request
option, then, if the only real option is "testing"?

<snip more reassurance that security updates follow normal update process>

>> P.S. Please find here more apologies about only packaging updates on
>> an irregular basis and therefore not being 100% plugged in :/
>
> It happens. Consider adding some co-maintainers to help out.

I'm not entirely sure how to interpret that suggestion. I jumped on this
within minutes of the upstream security release announcement, so I don't
think you're suggesting that I was slacking. It is my first time handling
a security release, and I ran into package update instructions that
conflicted with what I was experiencing, so I asked questions to clarify
that conflict--and I don't think they were stupid questions.
I tried asking on #fedora-devel (but was ignored) before posting here for
what I thought was a time-important matter due to the security
considerations. What kind of help would co-maintainers have offered in
this case?