How can we make security updates faster?

Paul Wouters pwouters at redhat.com
Mon May 28 16:57:18 UTC 2012


Hi,

I've recently had release updates to two packages with CVE issues in
them. A few weeks ago, pidgin-otr needed a lot of me prodding people
to try it and give karma to get the security update out. Right now, my
socat CVE security releases sit in all four branches with no karma after
four days.

Is there something we can do to make these security updates move faster?

Perhaps a new mailing list that just announces the security releases, to
remind people to test them and give karma.

Perhaps a GUI app for people running post latest full release Fedora
installs that checks if some software you are using is in need of karma?

Perhaps push security releases within 3 days if no -1 karma has been
received?

Push updates to stable when a certain download/install ratio has been
seen with no -1 karma?

Any other thoughts?

Paul


More information about the devel mailing list