On Thu, Jan 30, 2020 at 08:40:57AM +0530, Huzaifa Sidhpurwala wrote: > On 1/30/20 3:19 AM, Richard W.M. Jones wrote: > > On Wed, Jan 29, 2020 at 10:26:56PM +0100, Miro Hrončok wrote: > >> Here is an initial (albeit randomly generated) proposal of X and Y: > >> > >> severity CRITICAL/HIGH MEDIUM LOW > >> X 2 4 6 > >> Y 2 4 6 > > > > In RHEL, low impact security bugs wouldn't normally be fixed until the > > next minor release, which would be 6-12 months after the issue is > > reported. I don't think it's valuable to badger packagers about bugs > > that have "minimal consequences" to use the terminology from > > > > https://access.redhat.com/security/updates/classification > > There are various reasons why lows are not fixed immediately in RHEL, > including the fact that customers dont like too many updates because of > production systems downtime. Not all of them may be applicable for > fedora users. > > The above being said, i am ok with deferring lows, but please lets fix > or close others? Yes, what I said above only applies to low impact bugs, in case it wasn't clear. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-df lists disk usage of guests without needing to install any software inside the virtual machine. Supports Linux and Windows. http://people.redhat.com/~rjones/virt-df/ _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
