On 22/07/13 07:49PM, Fabio Valentini wrote:
I wonder if it would have made sense to have submitted those 300+
builds in separate bodhi updates (at least in several smaller batches,
if not individually)?
At least in this case, that would've been a little bit more work,
but
would have caused less of a chance to break bodhi.
As far as I can tell, there's no reason the builds need to be handled
together, as the only thing that ties these builds together is the
*reason* why they were rebuilt, but they don't necessary need to be
pushed to testing or stable as a single unit.
You're right. They don't have to be rebuilt together as long as the
patched version of golang/the libraries with CVEs are in the buildroot.
I decided to handle them as a single update to make it easier to
manage/organize. I don't want to have to manage 300+ different updates
and have my Fedora mailbox flooded with notifications from them. The RH
prodsec team already does a good enough job at flooding my inbox :(.
It probably wouldn't be too much effort to split them into multiple
batches, though.
---
Also, there was a new golang version released today that has fixes for 9
CVEs, so I will probably have to do another rebuild in F36 and Rawhide.
It would be helpful if we could come to a conclusion about how to handle
this properly sooner rather than later.
--
Thanks,
Maxwell G (@gotmax23)
Pronouns: He/Him/His