----- Original Message ----- > > I say, local privilege escalations with publicly available exploits, and > remotely triggerable vulnerabilities. If such an issue is known before > Final, we should attempt to address it before releasing. > I think it makes sense to address these prior to a release (on a case by case basis), but I think we're missing the real point here. We don't re-spin install media in Fedora, that means that if a remote root hole is found 2 days after release, what do we do? (the current answer is nothing). Perhaps the correct answer is to have firstboot update the system for a user (do it in the background so they can still login do things). If firstboot can't update the system, it's likely there is no Internet connection anyway. -- JB -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test