Security update process without CVEs
awilliam at redhat.com
Fri Jan 24 05:13:15 UTC 2014
On Thu, 2014-01-23 at 22:53 -0600, Dennis Gilmore wrote:
> El Thu, 23 Jan 2014 14:51:51 -0800
> Adam Williamson <awilliam at redhat.com> escribió:
> > On Tue, 2014-01-21 at 14:32 -0700, Kevin Fenzi wrote:
> > > On Tue, 21 Jan 2014 16:26:19 -0500
> > > Dan Scott <denials at gmail.com> wrote:
> > >
> > > > Hi:
> > > >
> > > > A few hours ago I submitted requests to push perl-MARC-XML
> > > > directly to stable (by filling out the "fedpkg update" request
> > > > with type=security and request=stable)
> > >
> > > You cannot push any update directly to stable.
> > >
> > > Security updates have to go though the same process as any other
> > > update.
> > This seems like a good point to ask, actually: what the hell does that
> > field actually *mean*? I just toss a coin to fill it in, usually.
> What it means is that its marked as a security bug in the
> updateinfo.xml.gz metadata so that if you have the security only plugin
> enabled it will be available, I believe the gui tools also mark it
> differently, but I've not ever used them.
I didn't mean type= . I meant request= . Looks like the question was
basically answered later, though.
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
More information about the devel