New policy for orphaning/retiring packages with open security bugs

FESCo accepted [1] a new policy to handle packages with long-standing
known security bugs in a way similar to FTBFS bugs:

  AGREED: If a CRITICAL or IMPORTANT security issue is currently open
  against a package, or a security issue of lower severity has been
  open for at least 6 months, four weeks before the branch point a
  procedure similar to long-standing FTBFS will be triggered
  immediately, with 8 weeks of weekly notifications to maintainers and
  subsequent orphaning and then subsequent removal from distribution.
  This applies to all packages, not just leaf.

This policy will apply to F30 and later. The branch point is on
2019/02/19, so somewhere around January 22 the procedure should start
with notifications being sent out. Maintainers are of course encouraged
to fix any security issues immediately. See [2] for a list of currently
open security bugs.

[1] https://pagure.io/fesco/issue/1935#comment-528180
[2] https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&keywords=SecurityTracking%2C%20&keywords_type=allwords&list_id=9337195&order=changeddate%2Cpriority%2Cbug_id&product=Fedora&query_format=advanced

Zbyszek,
on behalf of FESCo
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx