mattdm added a new comment to an issue you are following:
``
@alsadi Well, there's always a balance. We wouldn't want to make things _worse_ by
pushing out a bad fix too quickly. The sudo update is an interesting example here.
It's obviously a security fix, but the issue it corrects is an escalation from limited
sudo privileges to full-root equivalent. In the default configuration in Fedora, we give
full-root equivalent to members of the `wheel` group, and nothing else — in other words,
unless you've got a special configuration, the issue doesn't matter.
Meanwhile, it turns out that the initial fix was incomplete — see
https://bugzilla.redhat.com/show_bug.cgi?id=1459152. It isn't in this case, but it
_could_ have been that the quick fix makes things worse. A bad update to sudo could even
lock legitimate users out of their systems.
Yes, we need to get updates out quickly... but we also need to make sure that they're
_good_ updates. I don't think loosening the amount of required QA is the answer.
``
To reply, visit the link below or just reply to this email
https://pagure.io/releng/issue/5886