Updates proposal - alternative draft 1
Rahul Sundaram
metherid at gmail.com
Tue Mar 9 19:50:21 UTC 2010
On 03/10/2010 01:12 AM, Michał Piotrowski wrote:
>
> Let's consider a case - there is a giant hole in kernel - and there is
> a remote exploit somewhere in the wild. Do we want to wait a few days
> or so when package will go through updates-testing? There should be an
> exception to this rule for fixes for a _real_ security threads.
>
As opposed to fake security threats? In the case of the kernel, if the
new kernel update we rush through without passing via updates-testing
repo doesn't boot you can always boot back into an older kernel but
other packages typically do not have this privelage and we need to be
cautious about this and if there is a really need to expedite the update
for whatever reasons, it is already covered by one point in my proposal
and I repeat:
* Exceptions or expedited update requests must go via release engineering
Rahul
More information about the devel
mailing list