On 06/09/07, Kevin Kofler <kevin.kofler@xxxxxxxxx> wrote: > Lubomir Kundrak <lkundrak <at> redhat.com> writes: > > A week ago, there remained no time to discuss this on FESCo meeting, so > > I was advised to post it here for comments: [1] > > > > [1] http://fedoraproject.org/wiki/LubomirKundrak/SecurityUpdateProcessDraft > > IMHO, you have to be careful that the approval process doesn't introduce excess > delays because otherwise you'd encourage even more security updates not to be > marked as such (and if you implement the automarking when a security bug is > referenced, also missing Bugzilla references to avoid the security marking), > which would be counterproductive. How about retroactively reclassifying an update as a security update? This would work, the only problem being that the Changelog of a package initially unmarked would have no reference to CVE, unless the reclassifying triggers a rebuild of the update. -- Michel -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
