On 22/07/13 07:49PM, Fabio Valentini wrote: > I wonder if it would have made sense to have submitted those 300+ > builds in separate bodhi updates (at least in several smaller batches, > if not individually)? > At least in this case, that would've been a little bit more work, but > would have caused less of a chance to break bodhi. > As far as I can tell, there's no reason the builds need to be handled > together, as the only thing that ties these builds together is the > *reason* why they were rebuilt, but they don't necessary need to be > pushed to testing or stable as a single unit. You're right. They don't have to be rebuilt together as long as the patched version of golang/the libraries with CVEs are in the buildroot. I decided to handle them as a single update to make it easier to manage/organize. I don't want to have to manage 300+ different updates and have my Fedora mailbox flooded with notifications from them. The RH prodsec team already does a good enough job at flooding my inbox :(. It probably wouldn't be too much effort to split them into multiple batches, though. --- Also, there was a new golang version released today that has fixes for 9 CVEs, so I will probably have to do another rebuild in F36 and Rawhide. It would be helpful if we could come to a conclusion about how to handle this properly sooner rather than later. -- Thanks, Maxwell G (@gotmax23) Pronouns: He/Him/His
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
