[Fedora-packaging] critical path security update policy

[Jerry Bratton]

>Check out the bodhi ticket! In particular the automated comment from
>2015-04-18. With the next push it will appear in the updates repo. That
>is not a matter of minutes, because AFAIK the release process is not fully
>automatic [yet] and triggered by an admin.
>
>Btw, 18 minus 7 is not 17. And IMO you're getting unfair, if you don't
>take into account the time it takes for package maintainers to prepare
>updates.

Today is April 20th. Mozilla released the fix April 3rd. Twenty minus three is seventeen.

This is intended to be a discussion about how to reduce the time it takes for security updates to reach users. The figure of 17 reflects the time so far it has taken for this fix on Fedora's end. I am not trying to be "unfair," I am simply pointing out the reality. There are any number of bottlenecks that have already been mentioned in this thread which are contributing to the 17 day wait at Fedora. The 2 day wait (so far) since this was marked stable is yet another example. It is my feeling that there is room for improvement, which is why I initiated this dialog to explore in what ways the process may be improved.