Criterion proposal: security
"Jóhann B. Guðmundsson"
johannbg at gmail.com
Fri Oct 26 19:33:11 UTC 2012
On 10/26/2012 07:14 PM, Adam Williamson wrote:
> I wanted to raise the question of whether it makes
> sense in general to hold our releases for some security bugs. Right now
> we have no capacity to do that.
I dont think that should be for us to decide. When we encounter
potential security issue in the development release cycle we should just
forward those issue to the security team to determine if that's the case
and let's assume it is then *they* would contact fesco which in turn
decides if the release should be *delayed* or not until that security
issue has been addressed.
Given that these issue are few and far in between I dont think it
warrants an specific criteria surrounding it but should rather be dealt
on a case by case bases.
The security community exists for this exact purpose so let's just let
them handle that. They are expert in what they do...
JBG
More information about the test
mailing list