I think there could be a lot of benefit in automated pushing of critical path security
updates, rather than requiring the maintainer to push them manually.
Could you look into whether there is a compelling justification for not doing this?
Sent: Saturday, April 18, 2015 at 5:42 PM
From: "Matthew Miller" <mattdm(a)fedoraproject.org>
To: "Discussion of RPM packaging standards and practices for Fedora"
<packaging(a)lists.fedoraproject.org>
Cc: Bjorn@rombobjörn.se
Subject: Re: [Fedora-packaging] critical path security update policy
On Sat, Apr 18, 2015 at 10:15:06PM +0200, Jerry Bratton wrote:
"It must first reach a karma of 2, consisting of 0 positive karma from
proventesters, along with 2 additional karma from the community."
While the update has a karma of 2, only one of those is from the
community (the other being from proventesters). My understanding is that
the policy requiring 2 karma from the community is currently what's
keeping the update in testing.
That's just an oblique way of saying "proventesters aren't required".
The proventesters karma is, as far as I know, included in the other.
At this point, the update isn't held up by policy restricting it from
being pushed -- it's up to the maintainers to do so. Now, you could
argue that there should be a policy saying that they *should* push such
updates as soon as possible, but there may be some circumstances we
don't know about.
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader