The Debian/Ubuntu SSL bug

Jason L Tibbitts III tibbs at math.uh.edu
Tue May 13 19:23:13 UTC 2008


>>>>> "GD" == Greg DeKoenigsberg <gdk at redhat.com> writes:

GD> Are there any steps we can take to protect ourselves from this
GD> kind of mistake -- in which a packager does something dumb to the
GD> package and no one notices it?

Well, we're starting with
  http://fedoraproject.org/wiki/PackagingDrafts/PatchUpstreamStatus
which has been passed by the packaging committee and ratified by
FESCo.  Of course, it's not mandatory, but it's a start.  (And as much
as I hate to think about more bureaucracy, it's probably worth
considering whether it should be mandatory in light of the problem
under discussion.)

From here we can both extend the information we keep about patches and
write some tools for tracking and displaying that information so that
folks can examine the patch status of a package without having to read
the specfile or pulling patches from CVS.

 - J<



