Thunderbird bz 579023 still not fixed even though there is an upstream fix available

Kevin Kofler kevin.kofler at
Fri Apr 30 06:04:04 UTC 2010

Christopher Aillon wrote:
> You really don't see the value in having the engineers that own the code
> give technical review?

I don't think this should be a requirement for each and every patch to ANY 
Fedora package.

It is generally not necessary and delays fixing bugs a lot.

> Anyway, it's unfortunate that this really isn't done more often.  I
> really think that as a project, we'd be doing a lot better if we
> mandated upstream review before applying patches to any package if you
> aren't an upstream maintainer of the code.  As it is now, it's somewhat
> scary to think how many packagers would take a bugfix patch and apply it
> without being able to figure out if there's a potential hidden exploit
> in it...

And you think the average upstream is any better at this? Seriously?

        Kevin Kofler

More information about the devel mailing list