Miro Hrončok wrote:
My idea was that within half a year, it should be wither fixed or
as WONTFIX or UPSTREAM. If we don't agree, I'm completely fine making it
12 months or even ignore such bugs in the policy entirely.
I don't see how it is an improvement to close security fixes that are
blocking on upstream (in)action as UPSTREAM, as opposed to keeping them open
so that it is clear to everyone that they need to be fixed.
I think that the policy being discussed here just ought to be dropped
entirely, because it will do absolutely nothing to make Fedora actually more
secure, but only amounts to extra bureaucracy and extra work for packagers.