Re: Fedora 35 security update of curl blocked for a month

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Nov 2, 2021 at 7:48 AM Kamil Dudka <kdudka@xxxxxxxxxx> wrote:
>
> On September 22 I submitted a Fedora 35 update of curl, which obsoleted
> a previously submitted security update of curl.  The update has reached
> karma +13 since then, yet I was unable to make Bodhi push the update to
> stable:
>
>     https://bodhi.fedoraproject.org/updates/FEDORA-2021-1d24845e93
>
> I can see that there are some automated tests failing but I have no idea
> where the tests come from or how to waive their results.  The tests
> directory in the f35 branch in Fedora git has not been touched since 2017:
>
>     https://src.fedoraproject.org/rpms/curl/c/c7e4ac60
>
> Any idea how to move the update forward?

Well I don't know about the tests but you could have filed it as a
blocker/freeze exception [1] for F-35 as we have a policy for fixing
CVEs for things that are shipped in core artifacts because things like
installers/Live images etc aren't updated over the life of the
release, that ship has now sailed but please be aware of the process
going forward especially for something as core as curl.

[1] https://qa.fedoraproject.org/blockerbugs/
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux