Re: Fedora pagure confusion wrt EPEL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Michael Schwendt <mschwendt@xxxxxxxxx> writes:

> On Fri, 31 Jan 2020 at 18:11, Robbie Harwood <rharwood@xxxxxxxxxx> wrote:
>>
>> I could have also needinfo(Michael) (and in hindsight I probably
>> should have), but based on their reaction, I don't think they would
>> have been any happier with that.
>
> I would have preferred private email over assigning multiple tickets
> to me and causing bugzilla spam for all the ticket changes including
> (!) multiple needinfo inquiries.

You received a total of between 4 and 8 emails depending on how bugzilla
batched them.  My apologies for the extra 3-7.

>> Andreas Bierfert (awjb), who was recently declared non-responsive.
>
> That could have been mentioned.  Is that when some process transferred
> EPEL packages to me without prior asking?

I did mention it.  My words were that "the maintainer is no longer
active in Fedora, and you're the default assignee for the package".

Your response, by the way, was: "Would you mind becoming familiar with
the Fedora Project a bit?".

>> My view is that there's an open security bug, so it's reasonable to want
>> to know whether it's going to be fixed.
>
> You consider it reasonable to look into ancient security issues after
> almost five years?  The related tracking bugs did serve no purpose for
> almost five years?

Yes?  This shouldn't come as a surprise to you.  The whole process of
security bugs, CVEs, and the like exists to get them *fixed*.  If they
are in fact not, you might not care about EPEL, but EPEL doesn't want to
ship vulnerable software any more than you do.

>> Someone responsible for another branch of the package should be able
>> to check trivially - and is indeed the best person to ask, since
>> they're the most locally knowledgeable.
>
> As I've pointed out in private email, with proper reporting and
> tracking of those CVEs, the CVE ids would be mentioned in the spec
> %changelog of the Fedora package, where typically a much newer version
> is packaged. If none of those security issues has been reported for
> Fedora, it should be safe to assume that the Fedora packages have not
> been deemed vulnerable.

You are repeatedly ignoring that I'm not concerned about the Fedora
package.  Please stop.  You are subject mater expert for the project.
No one is better suited than you to answer the question of whether a
given version is affected or not.

>> In communication with Michael, I did explain that if no one was
>> responsible for these branches, they should retire the branches.
>> Michael's view in that discussion seemed to be that the problem was
>> one I had created, and therefore one I should fix.  (Michael can
>> retire the branches while I, an unrelated contributor without
>> ProvenPackager, cannot.)
>
> As pointed out, I don't keep an eye on EPEL. I'm completely surprised
> that all of a sudden I am expected to look into EPEL packaging
> matters. I still don't understand why I have become the assignee of
> EPEL tickets and possibly EPEL packages, too, when I never asked for
> that.

I mentioned that in my emails, and people have repeatedly explained it
to you here too.  I *also* mentioned in my email that if no one is
responsible for them to your knowledge, the proper thing to do was to
remove the branches, and provided you information on how to do so.

This isn't a silo.  We're supposed to be working together, and helping
each other.  Your responses of refusing to even consider answering
questions about EPEL, replete condescension, and refusal to actually
read what I (and others) have been saying continues to make this
difficult.  Please stop.

Thanks,
--Robbie

Attachment: signature.asc
Description: PGP signature

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux