On Fri, 2012-10-26 at 12:49 -0700, Adam Williamson wrote: > On Fri, 2012-10-26 at 12:44 -0700, Adam Williamson wrote: > > > I think with the feedback we've seen so far that we can say the original > > proposal was substantially too broad, so how about this as a revised > > proposal - for now, we just add a single Final release criterion which > > reads: > > > > "The release must contain no known security issues of 'important' or > > higher impact according to the Red Hat severity classification scale > > which cannot be satisfactorily resolved by a package update (e.g. issues > > during installation)" > > > > ? How does that sound to everyone? It drops the issue entirely for Alpha > > and Beta, and means we only consider bad issues that cannot be fixed > > with an update for Final. > > Hmm, actually, let's change 'issues' to 'bugs' there, I think that makes > it clearer that we're talking about things that have actually been > accepted as bugs - it avoids any suggestion we'd be wading into the > debate about what actually constitutes a security issue, as Johann was > concerned about. So: > > "The release must contain no known security bugs of 'important' or > higher impact according to the Red Hat severity classification scale > which cannot be satisfactorily resolved by a package update (e.g. issues > during installation)" > > with the understanding that QA would never use this to wade into > something like the sshd question and declare that it was a Bug That Must > Be Fixed. It applies only to things that are clearly agreed to be actual > bugs. As this got generally ack'ed and no-one complained, I've pushed it into production now in the Final criteria - https://fedoraproject.org/wiki/Fedora_18_Final_Release_Criteria . I also moved the 'upgrade' criterion up a bit into what I think of as the 'install section' at the same time, so the change is a bit confused, sorry about that. (The criteria are roughly organized into component groups, though this isn't clearly called out, another deficiency of the current layout). -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test