Res: Open Letter: Why I, Kevin Kofler, am not rerunning for FESCo

Kevin Kofler kevin.kofler at
Tue May 4 17:47:21 UTC 2010

Michael Cronenworth wrote:
> Fedora security updates are regularly given no testing and are pushed
> directly to stable. Perhaps you should classify your updates with a
> severity of security.

That doesn't work because security updates require security team approval 
(another silly policy which was enforced despite almost everybody on the 
devel list having been against it, only the security team itself wanted it) 
and the security team will reject updates which are not actually security 
updates. (They want to see a specific CVE and even reject updates which fix 
potential security holes, asking them to be changed to regular bugfix 
updates instead, unless you can show evidence for a concrete security hole. 
For example, they had me change a qimageblitz update which fixed qimageblitz 
requiring an executable stack on x86_64 from security to bugfix.)

        Kevin Kofler

More information about the devel mailing list