I think there could be a lot of benefit in automated pushing of critical path security updates, rather than requiring the maintainer to push them manually. Could you look into whether there is a compelling justification for not doing this? Sent: Saturday, April 18, 2015 at 5:42 PM From: "Matthew Miller" <mattdm@xxxxxxxxxxxxxxxxx> To: "Discussion of RPM packaging standards and practices for Fedora" <packaging@xxxxxxxxxxxxxxxxxxxxxxx> Cc: Bjorn@rombobjörn.se Subject: Re: critical path security update policy On Sat, Apr 18, 2015 at 10:15:06PM +0200, Jerry Bratton wrote: > "It must first reach a karma of 2, consisting of 0 positive karma from > proventesters, along with 2 additional karma from the community." > While the update has a karma of 2, only one of those is from the > community (the other being from proventesters). My understanding is that > the policy requiring 2 karma from the community is currently what's > keeping the update in testing. That's just an oblique way of saying "proventesters aren't required". The proventesters karma is, as far as I know, included in the other. At this point, the update isn't held up by policy restricting it from being pushed -- it's up to the maintainers to do so. Now, you could argue that there should be a policy saying that they *should* push such updates as soon as possible, but there may be some circumstances we don't know about. -- Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> Fedora Project Leader -- packaging mailing list packaging@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/packaging -- packaging mailing list packaging@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/packaging
