On Fri, Jan 20, 2023 at 2:29 PM Demi Marie Obenour <demiobenour@xxxxxxxxx> wrote:
My general rule is that a security fix is worth backporting a SONAME change
for, if there is no way to backport the patch.
In this case all the Fedora branches are recent enough but EL 7 and EL 8 are not and are impractical to fix at this point.
I've already been bitten in the past making major updates to EL branches. I believe this was also with OpenImageIO. Someone was using it at work for their project and had validated against the current version. Obviously in this case there is NO way to determine out of repo dependencies.
The update was required to support a Review Request package so he ultimately re-validated against the newer version, but lesson learned.
Since all of the severities are Medium and not High I think I will leave it as is.
Thanks,
Richard
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
