Re: Disturbing lack of FE security updates announcements!

On Thu, 2006-11-09 at 13:41 +0100, Hans de Goede wrote:
> Josh Bressers wrote:
> >> https://www.redhat.com/archives/fedora-extras-list/2006-November/msg00148.html
> >>
> >> Hans de Goede wrote:
 
> > This is currently a non-trivial problem to solve.  We lack the manpower to
> > modify the various problem packages ourselves, so the obvious solution is
> > to let the owner do the work and the security team would only have to step
> > in when the owner is MIA.  As soon as the owner builds the new package it
> > magically appears as part of FE.  We don't have an easy way to determine
> > when something has been pushed live.
> > 
> > The right way to solve this problem is to send announcements for every FE
> > update (security or not), and to let the security team edit security
> > advisories to ensure the proper information is included.
> > 
> 
> That is one solution, but given the rolling release model of FE, that is going to
> be a lot of announcements. Why not ask FE package maintainers to send a security
> announcement out when they push an update which has security implications / fixes?
Let me turn this thing around: Why should they?

I don't see why filing a PR and then giving maintainers a chance to
react should not work. Whether they will be able to react, whether they
will be able to react in reasonable time is a different question.

Ralf


-- 
fedora-extras-list mailing list
fedora-extras-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-extras-list
