On Thu, Jan 30, 2020 at 02:28:30PM +0100, Kevin Kofler wrote: > Daniel P. Berrangé wrote: > > Ignoring low bugs also probably isn't a viable stragegy > > for EPEL, because that's a long life distro stream, and > > so won't automatically get low CVE fixes via a rebase > > in 6 months like we do in Fedora. So the CVE mountain > > is even bigger for EPEL, and also more serious due to its > > long lifecycle. > > Given that RHEL completely ignores low-impact security issues, I do not see > why EPEL should be held to a higher standard than RHEL itself. This description of RHEL security issue handling is just plain wrong, they are not ignored. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
