On Fri, 27 Mar 2015, Kevin Fenzi wrote:
On Fri, 27 Mar 2015 15:03:59 +0200
Alexander Bokovoy <abokovoy@xxxxxxxxxx> wrote:
My primary worry is CVE handling. These delays are not helping in
getting security fixes delivered. I'm not fighting for dropping
certain type of content but rather for prioritization.
Right, as I noted at the end of that other long mail, there's
discussion about a 'urgent updates' repo for security updates.
The initial thought was that it would just contain 'urgent' level
stuff, not high or moderate, but it's not set in stone yet.
Also, do realize we have had cases where fixes to security issues were
rushed out and ended up being broken/not really having been tested
because everyone was rushing so much.
Is there a way to see if there are going to be huge updates?
Perhaps it would help to plan around pushing relatively more important
updates by seeing what is the load on the machinery. In this particular
case I'm after we have CVEs to publish co-related with RHEL advisory
which went out yesterday so Fedora updates just got into a wave of
texlive, but for future doing FreeIPA releases we may simply see if
moving release a day or two into future would allow us to escape the
wave.
--
/ Alexander Bokovoy
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct