Hi Michael On Thu, 2007-09-06 at 23:41 -0400, Michel Salim wrote: > On 06/09/07, Kevin Kofler <kevin.kofler@xxxxxxxxx> wrote: > > Lubomir Kundrak <lkundrak <at> redhat.com> writes: > > > A week ago, there remained no time to discuss this on FESCo meeting, so > > > I was advised to post it here for comments: [1] > > > > > > [1] http://fedoraproject.org/wiki/LubomirKundrak/SecurityUpdateProcessDraft > > > > IMHO, you have to be careful that the approval process doesn't introduce excess > > delays because otherwise you'd encourage even more security updates not to be > > marked as such (and if you implement the automarking when a security bug is > > referenced, also missing Bugzilla references to avoid the security marking), > > which would be counterproductive. > > How about retroactively reclassifying an update as a security update? > This would work, the only problem being that the Changelog of a > package initially unmarked would have no reference to CVE, unless the > reclassifying triggers a rebuild of the update. Pointless. The update mails would also not be marked [SECURITY]. > > -- > Michel > Regards, -- Lubomir Kundrak (Red Hat Security Response Team) -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
