Stephen Gallagher wrote: > Generally, whenever Node.js issues a security release, they do so for > multiple issues simultaneously. When Product Security then goes and creates > Bugzilla tickets, they create many (sometimes up to five bugs per CVE). It > becomes nearly impossible to keep up with the bug maintenance in such > situations. The process is just too heavyweight and I often end up just > doing the upstream releases and ignoring the BZs. > > If we want this to be more accurate, we really need to have a more > streamlined and/or automated solution for these issues. Of course, the real solution would be decent code quality upstream, so that security fixes would be rare, not come in heaps. Björn Persson
Attachment:
pgpohyvt4LaQp.pgp
Description: OpenPGP digital signatur
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
