critpath approval process seems rather broken
TASAKA Mamoru
mtasaka at fedoraproject.org
Sun Apr 10 06:41:25 UTC 2011
Tomasz Torcz wrote, at 04/09/2011 07:57 PM +9:00:
> On Sat, Apr 09, 2011 at 05:32:04AM +0200, Kevin Kofler wrote:
>> Will Woods wrote:
>>> In fact, there's plenty of approvers available, but you're not engaging
>>> with them. They might not know how to test libtiff, or what needs
>>> testing, so other stuff gets tested first.
>>
>> The fact is, this is a SECURITY UPDATE and as such it should go out even
>> without testing. It's not acceptable to sit on security updates for weeks.
>
> No, security updates are not _that_ special. For example, there's
> an avahi update in pipeline. It has broken dependencies. Pushing this
> would broke some systems. I'm talking about:
> https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14
>
So as a result we are just leaving this security issue unresolved
more than one month? Okay, it is all very well that we try to explain
why the new updates request is not yet pushed, however then people
would ask, "so why can't Fedora try to fix such issue like broken
dependency ASAP? Short of man power? Is Fedora just making light
of security issues?"
Who is responsible for this issue?
Regards,
Mamoru
More information about the devel
mailing list