huzaifas reported a new issue against the project: `releng` that you are following: `` We need to implement the new Fedora Security policy as per: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedorapro...
"If a CRITICAL or IMPORTANT security issue is currently open against a package, or a security issue of lower severity has been open for at least 6 months, four weeks before the branch point a procedure similar to long-standing FTBFS will be triggered immediately, with 8 weeks of weekly notifications to maintainers and subsequent orphaning and then subsequent removal from distribution. This applies to all packages, not just leaf."
So before 4 weeks before the branch point, we need to ensure that:
1. Packages which have any pending critical or important security flaws open, i.e.:
https://bugzilla.redhat.com/buglist.cgi?bug_severity=urgent&bug_severity...
are marked for FTBFS and not built.
2. Packages which have any <important flaws open for at least 6 months or more, i.e.:
https://bugzilla.redhat.com/buglist.cgi?bug_severity=urgent&bug_severity...
are marked for FTBFS and not built.
* When do you need this? 2019-01-01 - Much before the last branch point.
* If we cannot complete your request, what is the impact? Fedora 30 will ship a lot of insecure packages. Major issue for the release. ``
To reply, visit the link below or just reply to this email https://pagure.io/releng/issue/7793
huzaifas added a new comment to an issue you are following: `` ping, anything on this yet? Let me know if any help/clarification is required on my side. Thanks! ``
mohanboddu added a new comment to an issue you are following: `` From our releng meeting today:
[12:27:02] <nirik> so yeah, there's a lot of manual looking work there.
[12:27:21] <nirik> I wonder if we could coordinate with the orphan cleanup stuff...
[12:27:39] <mboddu> nirik: May be
[12:28:00] <mboddu> That has been a long standing issue as well
[12:28:47] <nirik> yeah
[12:29:32] <mboddu> Hmmm
[12:30:26] <mboddu> nirik: Probably when Tomas joins, we can have more time at hands to automate this work
[12:30:51] <nirik> yeah, we should automate this as much as we can
[12:31:54] <mboddu> #info Since due to resource availability, we will work on this ticket next year
``
huzaifas added a new comment to an issue you are following: `` any updates on this? It's already the new year :)
Not sure if we can meet the Fedora 30 deadline here, but at least starting some momentum on this would be highly appreciated! ``
huzaifas added a new comment to an issue you are following: `` ping again!
Honestly folks, I would like to help, but I have no idea what I can do to help. Ping again, can someone pls pick this up. We wished this would happen on Fedora 30 timeline, but that seems like a distant dream to me. ``
churchyard added a new comment to an issue you are following: `` @mohanboddu @humaton FESCo was approached to make this happen. I don't think we can *order* things to releng, but can I at least personally *beg* to move this forward? ``
kevin added a new comment to an issue you are following: `` I think releng should try and provide two things:
1. Where this work is in their queue of other work. This would allow you to at least see when it could be gotten to, and if you object to the priority of it.
2. What you could do to help get the work done.
Perhaps we could discuss this at our next meeting?
``
mohanboddu added a new comment to an issue you are following: `` @churchyard Your input is much appreciated:
https://pagure.io/fesco/issue/2090
Thanks ``
mohanboddu added a new comment to an issue you are following: `` From releng meeting on Mar 13 2019:
We will use Security and SecurityTracking keywords to find the BZ tickets with security issues. For ex: https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGN... ``
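An added example, not code from this thread or from Fedora releng: a sketch of the selection rule quoted in the original report, restricted to bugs carrying the `Security` or `SecurityTracking` keywords named in the releng meeting note. Assumptions: CRITICAL/IMPORTANT are taken to be Bugzilla severities `urgent`/`high`, the bug records, package names and branch date are constructed, and the notification offsets are one reading of "8 weeks of weekly notifications".

```python
import calendar
from datetime import date, timedelta

# Assumption: the policy's CRITICAL/IMPORTANT map to Bugzilla severities urgent/high.
SEVERE = {"urgent", "high"}
SECURITY_KEYWORDS = {"Security", "SecurityTracking"}  # keywords named in the thread

def months_before(d, months):
    """Calendar-month subtraction, clamping the day (e.g. Aug 31 -> Feb 28)."""
    total = d.year * 12 + d.month - 1 - months
    year, month = total // 12, total % 12 + 1
    return date(year, month, min(d.day, calendar.monthrange(year, month)[1]))

def evaluation_date(branch_point):
    """The policy is evaluated four weeks before the branch point."""
    return branch_point - timedelta(weeks=4)

def violates_policy(bug, check_date):
    if not bug["is_open"] or not SECURITY_KEYWORDS & set(bug["keywords"]):
        return False
    if bug["severity"] in SEVERE:
        return True  # critical/important: flagged at any age
    return bug["opened"] <= months_before(check_date, 6)  # lower severity, open >= 6 months

def packages_to_flag(bugs, branch_point):
    """Map each offending package to the bug ids that trigger the procedure."""
    check_date = evaluation_date(branch_point)
    flagged = {}
    for bug in bugs:
        if violates_policy(bug, check_date):
            flagged.setdefault(bug["package"], []).append(bug["bug_id"])
    return flagged

def notification_schedule(check_date):
    """Eight weekly notices starting at check_date, then the orphaning date (offsets assumed)."""
    return [check_date + timedelta(weeks=i) for i in range(8)], check_date + timedelta(weeks=8)

def _bug(bug_id, package, severity, opened, keywords, is_open=True):
    return dict(bug_id=bug_id, package=package, severity=severity,
                opened=opened, keywords=keywords, is_open=is_open)

BRANCH_POINT = date(2019, 3, 1)  # constructed date, not a real Fedora schedule
SAMPLE_BUGS = [  # constructed records, not real Bugzilla data
    _bug(1001, "libfoo", "urgent", date(2019, 1, 20), ["Security"]),
    _bug(1002, "bar-utils", "medium", date(2018, 7, 15), ["SecurityTracking"]),
    _bug(1003, "baz", "low", date(2018, 12, 1), ["Security"]),               # too recent
    _bug(1004, "qux", "high", date(2018, 1, 1), ["Security"], is_open=False),  # closed
    _bug(1005, "libfoo", "medium", date(2018, 8, 1), ["Security"]),          # exactly 6 months
    _bug(1006, "quux", "urgent", date(2018, 1, 1), ["Triaged"]),             # not a security bug
]
```
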
The issue: `Implement new Fedora Security policy for retiring packages with security bugs` of project: `releng` has been assigned to `humaton` by syeghiay.
huzaifas added a new comment to an issue you are following: `` ping!
I hope we are doing this for Fedora 31 now? ``
churchyard added a new comment to an issue you are following: `` What needs to be done here? This hasn't happened for Fedora 31. ``
huzaifas added a new comment to an issue you are following: `` We need to remove packages which don't follow the security policy via FTBFS and make sure they are not included in F31. But I guess this has not happened again :( [Similar to F30] ``
rel-eng@lists.fedoraproject.org