I read the policy [0] as "major (bug | security) fixes", and the CVE is only rated as moderate [1]. Should the policy be read as "(major bug | any security) fixes"? I am not opposed to building the update on F31 as well. [0] https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#all-other-updates [1] https://access.redhat.com/security/cve/CVE-2020-13962 On Thu, Sep 24, 2020 at 11:17 AM Ian McInerney <Ian.S.McInerney@xxxxxxxx> wrote: > > In your original email you said that this resolves CVE bug [1], which says in it: > > "NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate." > > That to me sounds like the CVE should be patched in F31 as well - so since this update fixes it, the update would be suitable for F31. > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1849735 > > -Ian > > On Thu, Sep 24, 2020 at 5:01 PM Carl George <carl@xxxxxxxxxx> wrote: >> >> F32 is fine by me. Based on the updates policy [0], I don't believe >> this update qualifies under the "major bug fixes and security fixes" >> restriction for the previous stable release. >> >> [0] https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#all-other-updates >> >> On Wed, Sep 23, 2020 at 2:54 PM Richard Shaw <hobbes1069@xxxxxxxxx> wrote: >> > >> > On Wed, Sep 23, 2020 at 2:42 PM Carl George <carl@xxxxxxxxxx> wrote: >> >> >> >> Yes, the patch is from an upstream pull request [0] that has already >> >> been merged to the master branch [1] and is planned to be included in >> >> their next release [2] (it's not part of the current 1.3.2 tag). The >> >> pull request includes a comment linking to said pull request, per the >> >> packaging guidelines [3]. Mumble's traditional push-to-talk >> >> functionality doesn't work under Wayland; this patch adds dbus calls >> >> that can be mapped to keyboard shortcuts as a workaround. I've built >> >> it like this in COPR [4] and it's worked great for me so far. >> > >> > >> > So next, question... Do builds need to be performed all the way back to f31, or is f32 okay? >> > >> > Thanks, >> > Richard >> > _______________________________________________ >> > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx >> > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx >> > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx >> >> >> >> -- >> Carl George >> _______________________________________________ >> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx >> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx >> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx -- Carl George _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
