Re: critical path security update policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>The update ticket has been set to need +3.
>
>It could have been lowered to +2 by the update submitter, but whether and
>when to do that depends on various factors.

Where did the +2 threshold come from? Are you saying the submitter did not request it?

>No. This is not just about security issues. It is about all Test Updates.
>Good ones, trivial ones, and the occasional brown paperbag. ;) Frankly,
>I'm the wrong person in such a discussion. If nobody else takes a look at
>updates-testing in 16 days, that's disappointing, isn't it? You will never
>know what may appear in the "stable" updates repo. Once it's in there,
>it's too late.
>
>It's not even necessary to run with _full_ updates-testing enabled. Just
>the occasional look at pending Test Updates can be enlightening. Focus on
>what might be important to you. Notice the Firefox update, give it a try,
>be happy if it works, give feedback (especially if there's an issue).

You stated it's "not true" that users of Fedora 20 have been vulnerable for 16 days. You apparently justify this claim by stating that they could have used the package from updates testing. In other words, your opinion is that every user of Fedora should be expected to check updates testing every day and manually apply security updates from updates testing, overriding the Fedora defaults, in order to get critical security updates in a timely fashion (i.e. not having to wait 16 days and counting). You consider this to be the most reasonable solution to the problem? I'm at a loss.
--
packaging mailing list
packaging@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/packaging





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite Forum]     [KDE Users]

  Powered by Linux