On Tuesday, November 2, 2021 9:14:31 AM CET Peter Robinson wrote:
> On Tue, Nov 2, 2021 at 7:48 AM Kamil Dudka <kdudka@xxxxxxxxxx> wrote:
> >
> > On September 22 I submitted a Fedora 35 update of curl, which obsoleted
> > a previously submitted security update of curl. The update has reached
> > karma +13 since then, yet I was unable to make Bodhi push the update to
> > stable:
> >
> > https://bodhi.fedoraproject.org/updates/FEDORA-2021-1d24845e93
> >
> > I can see that there are some automated tests failing but I have no idea
> > where the tests come from or how to waive their results. The tests
> > directory in the f35 branch in Fedora git has not been touched since
> > 2017:
> >
> > https://src.fedoraproject.org/rpms/curl/c/c7e4ac60
> >
> > Any idea how to move the update forward?
>
> Well I don't know about the tests but you could have filed it as a
> blocker/freeze exception [1] for F-35 as we have a policy for fixing
> CVEs for things that are shipped in core artifacts because things like
> installers/Live images etc aren't updated over the life of the
> release, that ship has now sailed but please be aware of the process
> going forward especially for something as core as curl.
>
> [1] https://qa.fedoraproject.org/blockerbugs/

Thanks for the heads up! Nevertheless, curl upstream releases every 8 weeks
and each release usually contains some security fixes. So, if the images do
not get updated over the life of the release, we will be in a similar
situation a few weeks later anyway. And we always need to balance the risk
and profit for any last minute changes...

Kamil