Security update process without CVEs

Dan Scott denials at
Tue Jan 21 21:26:19 UTC 2014


A few hours ago I submitted requests to push perl-MARC-XML directly to
stable (by filling out the "fedpkg update" request with type=security
and request=stable)

I tried following
but it appears to depend on waiting on a CVE, which upstream did not
yet have... but upstream had already pushed the new release to CPAN.

Despite requesting stable, though,
shows that "testing" was requested.

Should I wait, then push to stable? Or is this going to go to stable

My apologies if I screwed up, but it didn't seem like a good idea to
wait on the CVE...


P.S. Please find here more apologies about only packaging updates on
an irregular basis and therefore not being 100% plugged in :/

More information about the devel mailing list