On 29. 01. 20 22:49, Richard W.M. Jones wrote:
On Wed, Jan 29, 2020 at 10:26:56PM +0100, Miro Hrončok wrote:Here is an initial (albeit randomly generated) proposal of X and Y: severity CRITICAL/HIGH MEDIUM LOW X 2 4 6 Y 2 4 6In RHEL, low impact security bugs wouldn't normally be fixed until the next minor release, which would be 6-12 months after the issue is reported. I don't think it's valuable to badger packagers about bugs that have "minimal consequences" to use the terminology from https://access.redhat.com/security/updates/classification
My idea was that within half a year, it should be wither fixed or CLOSED as WONTFIX or UPSTREAM. If we don't agree, I'm completely fine making it 12 months or even ignore such bugs in the policy entirely.
-- Miro Hrončok -- Phone: +420777974800 IRC: mhroncok _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
