On Fri, 25 May 2018 08:55:01 -0700, you wrote: >On Fri, 2018-05-25 at 12:41 +0200, Sergio Pascual wrote: >> Hello, I'm going to build new cfitsio 3.450 in Rawhide. This involves a >> soname bump. Notice that I plan to do the same in F28 (with a buildroot >> override, etc) as cfitsio has security issues >> https://bugzilla.redhat.com/show_bug.cgi?id=1570484 > >Thanks for the heads-up, but this is still not in line with the policy: > >"When a proposed update contains an ABI or API change: notify a week in >advance both fedora-devel and maintainers directly (using the >packagename-owner@ alias) whose packages depend on yours to rebuild or >offer to do these rebuilds for them." Does that even apply for a security update, as in this case? Seems a bit dangerous to me to announce to the world there is a security hole in a library, but by the way we won't be fixing it for at least a week. Obviously ideally a security fix wouldn't require an ABI/API change, but far too many upstreams don't follow the ideal world. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/IF6D5ICOH7T2WZMYBDFIFV62H4WL2HW3/
