On 10/26/2012 07:14 PM, Adam Williamson wrote:
I wanted to raise the question of whether it makes sense in general to hold our releases for some security bugs. Right now we have no capacity to do that.
I dont think that should be for us to decide. When we encounter potential security issue in the development release cycle we should just forward those issue to the security team to determine if that's the case and let's assume it is then *they* would contact fesco which in turn decides if the release should be *delayed* or not until that security issue has been addressed.
Given that these issue are few and far in between I dont think it warrants an specific criteria surrounding it but should rather be dealt on a case by case bases.
The security community exists for this exact purpose so let's just let them handle that. They are expert in what they do...
JBG -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test