Hi folks,
libsndfile for EL-5 has had a security vulnerability for many months, and now that it is actively maintained again, unfortunately hit the Bodhi proventester bottleneck (see forwarded announcement below)
---------- Forwarded message ---------- From: Luke Macken lmacken@redhat.com Subject: Bodhi 0.7.5 release
[...] Critical path package[0] updates now require positive karma from two proventesters[1], and a single +1 from one other community member. [...]
We need two proventesters to approve this update: https://admin.fedoraproject.org/updates/libsndfile-1.0.17-3.el5
The patch applied is trivial (see the first linked bug report in the update request, and feel free to check out the libsndfile package and verify that the patch is applied to the EL-5 branch).
Thanks,
correction: 1 proventester needed, not two. Thanks in advance.
On Mon, Jul 12, 2010 at 9:16 AM, Michel Alexandre Salim michael.silvanus@gmail.com wrote:
Hi folks,
libsndfile for EL-5 has had a security vulnerability for many months, and now that it is actively maintained again, unfortunately hit the Bodhi proventester bottleneck (see forwarded announcement below)
---------- Forwarded message ---------- From: Luke Macken lmacken@redhat.com Subject: Bodhi 0.7.5 release
[...] Critical path package[0] updates now require positive karma from two proventesters[1], and a single +1 from one other community member. [...]
We need two proventesters to approve this update: https://admin.fedoraproject.org/updates/libsndfile-1.0.17-3.el5
The patch applied is trivial (see the first linked bug report in the update request, and feel free to check out the libsndfile package and verify that the patch is applied to the EL-5 branch).
Thanks,
-- Michel Alexandre Salim Fedora Project Contributor: http://fedoraproject.org/
Email: salimma@fedoraproject.org | GPG key ID: 78884778 Jabber: hircus@jabber.ccc.de | IRC: hircus@irc.freenode.net
() ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
On Mon, 2010-07-12 at 09:16 +0200, Michel Alexandre Salim wrote:
Hi folks,
libsndfile for EL-5 has had a security vulnerability for many months, and now that it is actively maintained again, unfortunately hit the Bodhi proventester bottleneck (see forwarded announcement below)
---------- Forwarded message ---------- From: Luke Macken lmacken@redhat.com Subject: Bodhi 0.7.5 release
[...] Critical path package[0] updates now require positive karma from two proventesters[1], and a single +1 from one other community member. [...]
We need two proventesters to approve this update: https://admin.fedoraproject.org/updates/libsndfile-1.0.17-3.el5
The patch applied is trivial (see the first linked bug report in the update request, and feel free to check out the libsndfile package and verify that the patch is applied to the EL-5 branch).
Luke, I really think turning on critpath requirements for everything in the world is going to prove to be a problem. I certainly never expected this to hit EPEL, AFAIK Fedora QA and FESCo have no actual power to commit to this policy for EPEL. How hard would it be to just disable this requirement again for EPEL at least?
On Mon, 12 Jul 2010 08:33:34 -0700 Adam Williamson awilliam@redhat.com wrote:
Luke, I really think turning on critpath requirements for everything in the world is going to prove to be a problem. I certainly never expected this to hit EPEL, AFAIK Fedora QA and FESCo have no actual power to commit to this policy for EPEL. How hard would it be to just disable this requirement again for EPEL at least?
Yeah, it looks like Luke is going to revert this for EPEL very soon...
kevin
On Tue, 2010-07-13 at 17:58 -0600, Kevin Fenzi wrote:
On Mon, 12 Jul 2010 08:33:34 -0700 Adam Williamson awilliam@redhat.com wrote:
Luke, I really think turning on critpath requirements for everything in the world is going to prove to be a problem. I certainly never expected this to hit EPEL, AFAIK Fedora QA and FESCo have no actual power to commit to this policy for EPEL. How hard would it be to just disable this requirement again for EPEL at least?
Yeah, it looks like Luke is going to revert this for EPEL very soon...
yes, we had a private mail chat about it, I think he either has already committed or will very soon commit a fix to turn it off for EPEL. thanks luke!
On Tue, 13 Jul 2010 17:03:09 -0700, Adam Williamson wrote:
On Tue, 2010-07-13 at 17:58 -0600, Kevin Fenzi wrote:
On Mon, 12 Jul 2010 08:33:34 -0700 Adam Williamson awilliam@redhat.com wrote:
Luke, I really think turning on critpath requirements for everything in the world is going to prove to be a problem. I certainly never expected this to hit EPEL, AFAIK Fedora QA and FESCo have no actual power to commit to this policy for EPEL. How hard would it be to just disable this requirement again for EPEL at least?
Yeah, it looks like Luke is going to revert this for EPEL very soon...
yes, we had a private mail chat about it, I think he either has already committed or will very soon commit a fix to turn it off for EPEL. thanks luke!
That's good news. Thanks, Luke!
I was just looking at the status of my package updates and the EPEL ones seem to be stalled (at pending -> testing and testing -> stable) -- I wonder how much this is due to the Bodhi changes.