On Fri, 31 Jan 2020 at 18:11, Robbie Harwood <rharwood@xxxxxxxxxx> wrote:
>
> I could have also needinfo(Michael) (and in hindsight I probably should
> have), but based on their reaction, I don't think they would have been
> any happier with that.

I would have preferred private email over assigning multiple tickets to me and causing bugzilla spam for all the ticket changes including (!) multiple needinfo inquiries.

> Andreas Bierfert (awjb), who was recently declared non-responsive.

That could have been mentioned. Is that when some process transferred EPEL packages to me without prior asking?

> My view is that there's an open security bug, so it's reasonable to want
> to know whether it's going to be fixed.

You consider it reasonable to look into ancient security issues after almost five years? The related tracking bugs did serve no purpose for almost five years?

> Someone responsible for another branch of the
> package should be able to check trivially - and is indeed the best
> person to ask, since they're the most locally knowledgeable.

As I've pointed out in private email, with proper reporting and tracking of those CVEs, the CVE ids would be mentioned in the spec %changelog of the Fedora package, where typically a much newer version is packaged. If none of those security issues has been reported for Fedora, it should be safe to assume that the Fedora packages have not been deemed vulnerable.

> In communication with Michael, I did explain that if no one was
> responsible for these branches, they should retire the branches.
> Michael's view in that discussion seemed to be that the problem was one
> I had created, and therefore one I should fix. (Michael can retire the
> branches while I, an unrelated contributor without ProvenPackager,
> cannot.)

As pointed out, I don't keep an eye on EPEL. I'm completely surprised that all of a sudden I am expected to look into EPEL packaging matters.
I still don't understand why I have become the assignee of EPEL tickets and possibly EPEL packages, too, when I never asked for that.