Problems with bodhi and security updates

Kevin Kofler kevin.kofler at chello.at
Sun Jan 27 15:09:28 UTC 2008


One more thing: you're quick to blame the security team approval process when 
it delays your Fedora 8 update, but this is already the third update you're 
pushing to Fedora 7 updates-testing, with now 2 CVEs fixed, and you appear not 
to have requested a push to stable for any. I know you can't personally test 
the package on all distributions, but this is the case of a security update, 
which should be pushed as soon as possible, not held for testing. If you're 
using the same specfile, chances are the security fix will work on all distros 
if it works on one, and that's really the most important thing in a security 
update. But also in other cases, distro-version-specific breakage is rare; it 
usually only happens if the different Fedora versions are patched differently 
and for one the patch is broken or not applied properly. In this case, 
everything is updated to the latest upstream version (which includes the 
patches already), so any breakage will (usually) be seen the same way 
everywhere; it doesn't make sense to make it wait longer for some versions than 
for others.

Many maintainers don't even test their NON-security updates on all Fedora 
versions before they push them. (Hey, you're lucky if they even tested it on 
ANY distro. ;-) ) You may think that's a bad idea, but at least for security 
updates, I think getting it out quickly is more important.

        Kevin Kofler



