Re: Approvals for Security updates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Michael

On Thu, 2007-09-06 at 23:41 -0400, Michel Salim wrote:
> On 06/09/07, Kevin Kofler <kevin.kofler@xxxxxxxxx> wrote:
> > Lubomir Kundrak <lkundrak <at> redhat.com> writes:
> > > A week ago, there remained no time to discuss this on FESCo meeting, so
> > > I was advised to post it here for comments: [1]
> > >
> > > [1] http://fedoraproject.org/wiki/LubomirKundrak/SecurityUpdateProcessDraft
> >
> > IMHO, you have to be careful that the approval process doesn't introduce excess
> > delays because otherwise you'd encourage even more security updates not to be
> > marked as such (and if you implement the automarking when a security bug is
> > referenced, also missing Bugzilla references to avoid the security marking),
> > which would be counterproductive.
> 
> How about retroactively reclassifying an update as a security update?
> This would work, the only problem being that the Changelog of a
> package initially unmarked would have no reference to CVE, unless the
> reclassifying triggers a rebuild of the update.

Pointless. The update mails would also not be marked [SECURITY].

> 
> -- 
> Michel
> 

Regards,
-- 
Lubomir Kundrak (Red Hat Security Response Team)

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux