As you folks must have noticed, this has eventually been approved by FESCo and announced. I need to work on documenting this and get RCM or someone to implement this in some way. Any help is appreciated!
-------- Forwarded Message --------
Subject: New policy for orphaning/retiring packages with open security bugs
Date: Tue, 4 Sep 2018 09:17:15 +0000
From: Zbigniew Jędrzejewski-Szmek zbyszek@in.waw.pl
Reply-To: devel@lists.fedoraproject.org
To: devel-announce@lists.fedoraproject.org

FESCo accepted [1] a new policy to handle packages with long-standing known security bugs in a way similar to FTBFS bugs:
AGREED: If a CRITICAL or IMPORTANT security issue is currently open against a package, or a security issue of lower severity has been open for at least 6 months, four weeks before the branch point a procedure similar to long-standing FTBFS will be triggered immediately, with 8 weeks of weekly notifications to maintainers and subsequent orphaning and then subsequent removal from distribution. This applies to all packages, not just leaf.
This policy will apply to F30 and later. The branch point is on 2019/02/19, so somewhere around January 22 the procedure should start with notifications being sent out. Maintainers are of course encouraged to fix any security issues immediately. See [2] for a list of currently open security bugs.
[1] https://pagure.io/fesco/issue/1935#comment-528180
[2] https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGN...
Zbyszek, on behalf of FESCo
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedorapro...