#5886: need method for distributing urgent fixes... urgently

[Fedora Release Engineering]

#5886: need method for distributing urgent fixes... urgently
------------------------------+-----------------------
  Reporter:  mattdm           |      Owner:  rel-eng@…
      Type:  enhancement      |     Status:  new
 Milestone:  Fedora 21 Alpha  |  Component:  mash
Resolution:                   |   Keywords:  meeting
Blocked By:                   |   Blocking:
------------------------------+-----------------------

Comment (by jreznik):

 * Is a releng ticket right to ask for this? Who approves it and how?
 My worries are that you have to know a) there's security process, b)
 ticket has to be created. For huge security issues, where a lot of people
 are involved, it's not a big deal. But for other security issues,
 especially for components maintainer create security erratum once in the
 life, it could be an issue. I'm not sure if it's possible in the current
 Bodhi codebase (or how big the task would be), maybe adding check for
 referenced bugs in the update for security fields and if severity is high
 enough (and embargo already passed), show dialog "this is very likely high
 urgent security update, please follow ... and file ticket" - the last part
 could be "click here to notify releng/security team". I know, I did not
 answer approval thing (and also notification part).

 * Is there a way to reduce waiting for humans here without bypassing some
 important checking?
 Embargo is the main delay factor. In our public infrastructure, you can
 start real job after embargo is lifted (of course, you can prepare all
 patches, test scratch build...). But I understand, private builds would be
 a huge amount of work, very likely not worth it. Last time Java guys
 asked, Board approved the idea but nobody pushed for implementation after
 it.

-- 
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/5886#comment:29>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project