Hi, xine-lib 1.1.10, another recent xine-lib security release, was released yesterday. I tried to get it shipped ASAP, but bodhi does not let me file a request to push it directly to stable. All the "mark as stable" etc functionality is visible in the UI, but when invoked, bodhi turns the request into a testing one (including when it's already in testing!) and tells me that it's waiting for security team approval. So, the result is that if I had not marked the package as a security update, it would be now in the updates repo. Now it's only in testing. Bodhi seems to be entirely happy with requesting non-security updates directly to stable, but security ones need to go through testing. To me this logic is the exact opposite of what it should be (if we want to prevent pushing directly to stable in the first place). What am I expected to do now? Do I need to wait/watch when the security team approval comes and then go try request it to be pushed to stable or will that happen automatically? I'm tempted to revoke the current request and file it again as a regular bugfix one so it could go directly to stable updates ASAP... (only half kidding) Also, there used to be a text box where I could enter the CVE numbers of security issues fixed by an update. I don't see it any more, was it removed on purpose? -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
