critpath approval process seems rather broken

Tom Lane tgl at redhat.com
Sat Apr 9 00:27:09 UTC 2011


For the past several days I've been getting daily nagmails about the
fact that libtiff hasn't been pushed into f13 (example attached).
Because it's a critpath package, I as the lowly maintainer do not have
privileges to push it stable, not even after two weeks.  Those who do
have privileges to approve this sort of thing evidently are paying no
attention to f13 packages, not even security bugs on critpath packages.

I will refrain from ranting, and just point out that something is
pretty darn broken about this process.  Why are the nagmails going
to someone with no power to fix the problem?  Shouldn't somebody
with approval power be paying more than zero attention to older
branches?

			regards, tom lane


------- Forwarded Message

Date:    Sat, 09 Apr 2011 00:00:43 +0000
From:    updates at fedoraproject.org
To:      tgl at redhat.com
Subject: [Fedora Update] [CRITPATH] [old_testing_critpath] libtiff-3.9.4-4.fc13

The critical path update for libtiff-3.9.4-4.fc13 has been in 'testing' status for over
2 weeks, and has yet to be approved.

================================================================================
     libtiff-3.9.4-4.fc13
================================================================================
  Update ID: FEDORA-2011-3827
    Release: Fedora 13
     Status: testing
       Type: security
      Karma: 0
       Bugs: 684939 - CVE-2011-1167 libtiff: heap-based buffer overflow in
           : thunder decoder (ZDI-11-107)
           : 684007 - libtiff fails to decode some G4 images
           : correctly
           : 678635 - CVE-2011-0192 libtiff: buffer overflow in
           : Fax4Decode
      Notes: Fix incorrect fix for CVE-2011-0192    Add fix for CVE-2011-1167
           : Fix buffer overrun in fax decoding (CVE-2011-0192) as
           : well as a non-security-critical crash in gif2tiff.
  Submitter: tgl
  Submitted: 2011-03-21 20:38:28
   Comments: bodhi - 2011-03-21 20:38:42 (karma 0)
             This update has been submitted for testing by tgl.

             bodhi - 2011-03-22 18:53:10 (karma 0)
             This update has been pushed to testing

  https://admin.fedoraproject.org/updates/libtiff-3.9.4-4.fc13

------- End of Forwarded Message

