Res: Open Letter: Why I, Kevin Kofler, am not rerunning for FESCo
Kevin Kofler
kevin.kofler at chello.at
Tue May 4 17:47:21 UTC 2010
Michael Cronenworth wrote:
> Fedora security updates are regularly given no testing and are pushed
> directly to stable. Perhaps you should classify your updates with a
> severity of security.
That doesn't work because security updates require security team approval
(another silly policy which was enforced despite almost everybody on the
devel list having been against it, only the security team itself wanted it)
and the security team will reject updates which are not actually security
updates. (They want to see a specific CVE and even reject updates which fix
potential security holes, asking them to be changed to regular bugfix
updates instead, unless you can show evidence for a concrete security hole.
For example, they had me change a qimageblitz update which fixed qimageblitz
requiring an executable stack on x86_64 from security to bugfix.)
Kevin Kofler