Thunderbird bz 579023 still not fixed even though there is an upstream fix available
jspaleta at gmail.com
Thu Apr 29 19:19:00 UTC 2010
On Thu, Apr 29, 2010 at 9:58 AM, Christopher Aillon <caillon at redhat.com> wrote:
> Anyway, it's unfortunate that this really isn't done more often. I
> really think that as a project, we'd be doing a lot better if we
> mandated upstream review before applying patches to any package if you
> aren't an upstream maintainer of the code. As it is now, it's somewhat
> scary to think how many packagers would take a bugfix patch and apply it
> without being able to figure out if there's a potential hidden exploit
> in it...
The question is... is there a communication breakdown which let this
particular patch linger in the review process for too long? And if
so, what can 'we' do to address that breakdown?

It definitely seems there's recognition from Mozilla that something in
the communication broke down from this sidebar discussion at LWN:

The question I have is... do 'we' understand our role in driving
important issues up into upstream's review queue to make sure it gets
looked at in a timely way?

It seems to me the review process worked like it was supposed to
here...but it just didn't get triggered in a timely manner...partly
because we didn't jump up and down about it being important.