Re: Criterion proposal: security


 



On Fri, 2012-10-26 at 12:44 -0700, Adam Williamson wrote:

> I think with the feedback we've seen so far that we can say the original
> proposal was substantially too broad, so how about this as a revised
> proposal - for now, we just add a single Final release criterion which
> reads:
> 
> "The release must contain no known security issues of 'important' or
> higher impact according to the Red Hat severity classification scale
> which cannot be satisfactorily resolved by a package update (e.g. issues
> during installation)"
> 
> ? How does that sound to everyone? It drops the issue entirely for Alpha
> and Beta, and means we only consider bad issues that cannot be fixed
> with an update for Final.

Hmm, actually, let's change 'issues' to 'bugs' there, I think that makes
it clearer that we're talking about things that have actually been
accepted as bugs - it avoids any suggestion we'd be wading into the
debate about what actually constitutes a security issue, as Johann was
concerned about. So:

"The release must contain no known security bugs of 'important' or
higher impact according to the Red Hat severity classification scale
which cannot be satisfactorily resolved by a package update (e.g. issues
during installation)"

with the understanding that QA would never use this to wade into
something like the sshd question and declare that it was a Bug That Must
Be Fixed. It applies only to things that are clearly agreed to be actual
bugs.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test


