Re: RFC: Security policy adjustments to make it easier to implement and more friendly to maintainers

On 1/30/20 8:32 AM, Kevin Kofler wrote:
> Miro Hrončok wrote:
>> My idea was that within half a year, it should be either fixed or CLOSED
>> as WONTFIX or UPSTREAM. If we don't agree, I'm completely fine making it
>> 12 months or even ignore such bugs in the policy entirely.
> 
> I don't see how it is an improvement to close security fixes that are 
> blocking on upstream (in)action as UPSTREAM, as opposed to keeping them open 
> so that it is clear to everyone that they need to be fixed.
> 
Issues which are blocking on upstream will eventually get resolved once
upstream figures out a solution in some time, maybe with subsequent rebases.
> I think that the policy being discussed here just ought to be dropped 
> entirely, because it will do absolutely nothing to make Fedora actually more 
> secure, but only amounts to extra bureaucracy and extra work for packagers.
If fixing security issues is extra work for packagers, then we are doing
something wrong here. What percentage of security flaws will be
closed:upstream? Why do we drop other fixes for such issues and
eventually end up having tons of pending fixes?

Do we want to continue the same condition as described here:
https://mivehind.net/2020/01/28/Fedora-has-too-many-security-bugs/




> 
>         Kevin Kofler
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
> 


-- 
Huzaifa Sidhpurwala / Red Hat Product Security



