On Sat, Dec 29, 2007 at 06:43:54PM +0100, Christopher Aillon wrote: > On 12/29/2007 04:17 PM, Rahul Sundaram wrote: >> Christopher Aillon wrote: >>> On 12/29/2007 02:32 AM, Rahul Sundaram wrote: >>>> Christoph Wickert wrote: >>>>> I completely agree with you. Maybe we could say that updates are >>>>> allowed >>>>> to bypass testing if they fix >>>>> a) serious bugs >>>>> b) bugs marked as "urgent" >>>>> c) broken deps >>>> >>>> b) isn't a good criteria since anybody can mark any bug as urgent. If >>>> the priority field in bugzilla is restricted to package maintainers and >>>> triagers, I would agree with you. >>> >>> The same maintainer who marks "push right to stable" can tweak the field >>> before they submit the update and you won't have solved anything. >> >> Even if it had a strict set of rules and maintainers are going to abuse >> the system, > > Hey dude, I wasn't the one agreeing with a set of rules, that was you. I'm > just saying it's unwise to agree with a set of rules that can still be > worked around easily. > >> they can mark any update as a critical security update and push it through >> too but then it is much more easier to point out who is responsible >> compared to users just marking a random bug as a high priority one. > > I just noticed that nobody sent out a FESCo Meeting Summary for > 2007-09-27[1]. There, we approved > http://fedoraproject.org/wiki/LubomirKundrak/SecurityUpdateProcessDraft so > the Fedora Security Response team would have to approve it before it gets > released as a security advisory. > > [1] At least there's a log at > http://bpepple.fedorapeople.org/fesco/FESCo-2007-09-27.html > > Nobody's implemented that yet, though... Luke? This would be quite nice to > get done... :-) The code has been written and will make its way out with the next bodhi upgrade. luke -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
