On Sun, Jul 2 2023 at 09:53:30 PM +0000, "Smith, Stewart via devel"
<devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
With this development model, what is the thought for those who may
want to / be able to submit pull requests to CentOS Stream with
security fixes?
It really depends. CentOS Stream does accept merge requests. With
respect to security fixes in particular, I would certainly expect Red
Hat would accept most merge requests that fix security problems.
However, landing any change requires a relatively high amount of effort
from a relatively large amount of people compared to Fedora, where
packagers are in charge and things are much simpler. So whether or not
your merge request will be accepted into CentOS Stream will be a
business decision rather than a community decision. Factors that are
outside your control will be considered (e.g. "how busy is QA team
right now?") So my suggestion is to talk to the developers you see in
the package changelog before submitting a merge request. Merge requests
will often (hopefully even generally) be welcome, but not always. It's
open source, but it's not a true community project like Fedora.
For WebKitGTK specifically, I'm not interested in patching individual
CVEs in CentOS Stream: it's generally much easier and safer to just
always update to the latest upstream release instead.
Michael
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
