How can we make security updates faster?

Paul Wouters pwouters at
Mon May 28 16:57:18 UTC 2012


I've recently had release updates to two packages with CVE issues in
them. A few weeks ago, pidgin-otr needed a lot of me prodding people
to try it and give karma to get the security update out. Right now, my
socat CVE security releases sit in all four branches with no karma after
four days.

Is there something we can do to make these security updates move faster?

Perhaps a new mailing list that just announces the security releases, to
remind people to test them and give karma.

Perhaps a GUI app for people running post latest full release Fedora
installs that checks if some software you are using is in need of karma?

Perhaps push security releases within 3 days if no -1 karma has been

Push updates to stable when a certain download/install ratio has been
seen with no -1 karma?

Any other thoughts?

