On 12/29/2007 04:17 PM, Rahul Sundaram wrote:
Christopher Aillon wrote:
On 12/29/2007 02:32 AM, Rahul Sundaram wrote:
Christoph Wickert wrote:
I completely agree with you. Maybe we could say that updates are
allowed
to bypass testing if they fix
a) serious bugs
b) bugs marked as "urgent"
c) broken deps
b) isn't a good criteria since anybody can mark any bug as urgent. If
the priority field in bugzilla is restricted to package maintainers
and triagers, I would agree with you.
The same maintainer who marks "push right to stable" can tweak the
field before they submit the update and you won't have solved anything.
Even if it had a strict set of rules and maintainers are going to abuse
the system,
Hey dude, I wasn't the one agreeing with a set of rules, that was you.
I'm just saying it's unwise to agree with a set of rules that can still
be worked around easily.
they can mark any update as a critical security update and
push it through too but then it is much more easier to point out who is
responsible compared to users just marking a random bug as a high
priority one.
I just noticed that nobody sent out a FESCo Meeting Summary for
2007-09-27[1]. There, we approved
http://fedoraproject.org/wiki/LubomirKundrak/SecurityUpdateProcessDraft
so the Fedora Security Response team would have to approve it before it
gets released as a security advisory.
[1] At least there's a log at
http://bpepple.fedorapeople.org/fesco/FESCo-2007-09-27.html
Nobody's implemented that yet, though... Luke? This would be quite nice
to get done... :-)
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
