Hi, top posting on purpose: The thread about whether and how people should or should not issue fedora-package-announce [SECURITY] announcements drifetd to discussing about who's allowed to edit other people's specfiles for fast reaction etc. and faded out. The true item of Hans' query remains: Should Fedora Extras security announcements be sent to fedora-announce-packages or not? And if yes, who writes/sends it, the packager, or is it relayed to a special person/group? I checked the wiki and found no template to use, if I were to do so now I would simply pick the latest announce (from Hans) and modify it accordingly. But I'm not sure this is even wanted. If the packager, or someone else, is to do these announcements it would be nice to have such an announce template in the wiki. BTW this is no academic exercise, I'm queuing in mediawiki upgrades to fix a XSS Ajax issue, and would like to know whether it will be a stealth upgrade, or whether I should start shouting. On Thu, Nov 09, 2006 at 12:01:12PM +0100, Hans de Goede wrote: > Hi All, > > This morning I've been working on fixing several security flaws in > imlib2. When I was done with fixing and building these, I started > writing a security update notification mail to send to > fedora-package-announce@xxxxxxxxxx In the usual format for updates > send to this list. > > The Fedora Extras updates have there own numbering scheme seperate > of that of FC, so I started looking through the archives for the > last update to give mine the next free number, much to my shock the > idenitifier for this security update is: FEDORA-EXTRAS-2006-004 > > IOW, this is the 4th security announcement send on behalve of FE > this year, that is really BAD! Even worse, FEDORA-EXTRAS-2006-003 > the previous announcement was also send to the list by me? Am I the > only one taking the trouble to announce security updates?? > > When magazine XXX is going todo security stats on FE the will use > the official announcements to determine our response time and this > will make us look bad, not to mention the fact that this is really > bad communication to our end users! > > FESco, can you please mandate sending a mail to > fedora-package-announce@xxxxxxxxxx for security related updates? > > Regards, > > Hans > -- Axel.Thimm at ATrpms.net
Attachment:
pgpO4W7FCAia4.pgp
Description: PGP signature
-- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list