[Fedora-packaging] critical path security update policy

[Jerry Bratton]

I think there could be a lot of benefit in automated pushing of critical path security updates, rather than requiring the maintainer to push them manually.
 
Could you look into whether there is a compelling justification for not doing this?
 

Sent: Saturday, April 18, 2015 at 5:42 PM
From: "Matthew Miller" <mattdm at fedoraproject.org>
To: "Discussion of RPM packaging standards and practices for Fedora" <packaging at lists.fedoraproject.org>
Cc: Bjorn at rombobjörn.se
Subject: Re: [Fedora-packaging] critical path security update policy
On Sat, Apr 18, 2015 at 10:15:06PM +0200, Jerry Bratton wrote:
> "It must first reach a karma of 2, consisting of 0 positive karma from
> proventesters, along with 2 additional karma from the community."
> While the update has a karma of 2, only one of those is from the
> community (the other being from proventesters). My understanding is that
> the policy requiring 2 karma from the community is currently what's
> keeping the update in testing.

That's just an oblique way of saying "proventesters aren't required".
The proventesters karma is, as far as I know, included in the other.

At this point, the update isn't held up by policy restricting it from
being pushed -- it's up to the maintainers to do so. Now, you could
argue that there should be a policy saying that they *should* push such
updates as soon as possible, but there may be some circumstances we
don't know about.


--
Matthew Miller
<mattdm at fedoraproject.org>
Fedora Project Leader
--
packaging mailing list
packaging at lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging