Thunderbird bz 579023 still not fixed even though there is an upstream fix available
caillon at redhat.com
Thu Apr 29 17:58:32 UTC 2010
On 04/27/2010 02:55 PM, Kevin Kofler wrote:

> I think that, sure, we should try to get patches upstreamed, but I don't see
> why we'd need to wait for their approval before applying them, other than
> due to the aforementioned trademark bureaucracy.

You really don't see the value in having the engineers that own the code
give technical review?

> Firefox and Thunderbird are the ONLY high-profile packages in Fedora working
> that way, and there must be very few packages in Fedora being maintained in
> this style.

Getting sign-off is standard practice for the kernel too. Maybe we
should drop that package?

Anyway, it's unfortunate that this really isn't done more often. I
really think that as a project, we'd be doing a lot better if we
mandated upstream review before applying patches to any package if you
aren't an upstream maintainer of the code. As it is now, it's somewhat
scary to think how many packagers would take a bugfix patch and apply it
without being able to figure out if there's a potential hidden exploit