-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Mon, Jul 28, 2014 at 07:24:10AM -0400, joat wrote:
Who's the decision authority on stuff like this, where an issue
is more
politics than security?
If upstream doesn't want to incorporate the fix then we can ask the packager to push a
patch to fix it. We can also go to FESCo and ask.
In this particular case I believe we need to have someone review the CVE. I'll do
that now.
- -- Eric
- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks(a)fedoraproject.org - sparks(a)redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJT1l/NAAoJEB/kgVGp2CYv3bMMAIpVxjJ+kaXglh50/m3u0i1D
YR4NeBZZAHKPJSD1JHa0FaHsjkXWkYErEY1G8VVbLk7K8vleUZpVIo37ieB3IHN5
P31T2NC7/Z3f3ysHKfoTd4cvE55PZTIQBybJ6rGFVyxeeksu2aLGcFpmR3GWEHXp
ggQXTWqFZqIySadOxXMBjK4gns2iQ7DesNO0M53FSwG2NNIE1iBWGkVUjq+n616k
ouqHrNvDEKUDX2uUoKDYgiUm+F0SocbPUZ4TqVZifO9FJwV9aKJHFXQ4jh3xWVEJ
+C2Kcy0fPd18mOpa/Ir/lt7yUCO9vHCjzo5CBSOqo+7+Rdc43EOTTD3RDT+Cct9s
Eamjwi8pfSLEmKsEyv37o2ZV3F97oGG169+UCWWpvLHsHVMCE2pd3EiALR/D0suR
V/8b1N0q6DJpz7+XWUWBbD3/JATQlkhxF2Y4ljgJxwHhCYSpbIIYndlmn+YTWu4r
KzBetUb904sajOHtJKtJ9AYsVsshSVvkzx5QGb6dtA==
=IDsc
-----END PGP SIGNATURE-----