On 1/30/20 8:32 AM, Kevin Kofler wrote:
> Miro Hrončok wrote:
>> My idea was that within half a year, it should be either fixed or CLOSED
>> as WONTFIX or UPSTREAM. If we don't agree, I'm completely fine making it
>> 12 months or even ignore such bugs in the policy entirely.
>
> I don't see how it is an improvement to close security fixes that are
> blocking on upstream (in)action as UPSTREAM, as opposed to keeping them open
> so that it is clear to everyone that they need to be fixed.
>

Issues which are blocking on upstream will eventually get resolved once upstream figures out a solution in some time, maybe with subsequent rebases.

> I think that the policy being discussed here just ought to be dropped
> entirely, because it will do absolutely nothing to make Fedora actually more
> secure, but only amounts to extra bureaucracy and extra work for packagers.

If fixing security issues is extra work for packagers, then we are doing something wrong here. What percentage of security flaws will be closed:upstream? Why do we drop other fixes for such issues and eventually end up having tons of pending fixes?
Do we want to continue the same condition as described here: https://mivehind.net/2020/01/28/Fedora-has-too-many-security-bugs/

>
> Kevin Kofler
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
>

--
Huzaifa Sidhpurwala / Red Hat Product Security