Security update process without CVEs

Dan Scott denials at gmail.com
Tue Jan 21 21:26:19 UTC 2014


Hi:

A few hours ago I submitted requests to push perl-MARC-XML directly to
stable (by filling out the "fedpkg update" request with type=security
and request=stable)

I tried following
https://fedoraproject.org/wiki/Security_Tracking_Bugs?rd=Security/TrackingBugs
but it appears to depend on waiting on a CVE, which upstream did not
yet have... but upstream had already pushed the new release to CPAN.

Despite requesting stable, though,
https://admin.fedoraproject.org/updates/perl-MARC-XML-1.0.2-1.fc19
shows that "testing" was requested.

Should I wait, then push to stable? Or is this going to go to stable
automatically?

My apologies if I screwed up, but it didn't seem like a good idea to
wait on the CVE...

Thanks,
Dan

P.S. Please find here more apologies about only packaging updates on
an irregular basis and therefore not being 100% plugged in :/


More information about the devel mailing list