On Wed, 2011-05-18 at 08:57 -0700, Adam Williamson wrote:
# There must be no known remote code execution vulnerability which could be exploited during installation or during use of a live image shipped with the release
Points to consider:
One more 'point to consider' that I forgot: for most things we only consider the 'desktop' and KDE live images as capable of blocking the release, but I thought for security issues it makes sense to broaden this out to all the images we actually ship as part of the release. This is definitely up for debate, though; it would be possible to tighten it down to only desktop and KDE, or to only the most commonly-used spins, or something.