[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: The Debian/Ubuntu SSL bug

From: Jason L Tibbitts III <tibbs math uh edu>
To: fedora-advisory-board redhat com
Cc: Mark Cox <mjc redhat com>
Subject: Re: The Debian/Ubuntu SSL bug
Date: 13 May 2008 14:23:13 -0500

>>>>> "GD" == Greg DeKoenigsberg <gdk redhat com> writes:

GD> Are there any steps we can take to protect ourselves from this
GD> kind of mistake -- in which a packager does something dumb to the
GD> package and no one notices it?

Well, we're starting with
  http://fedoraproject.org/wiki/PackagingDrafts/PatchUpstreamStatus
which has been passed by the packaging committee and ratified by
FESCo.  Of course, it's not mandatory, but it's a start.  (And as much
as I hate to think about more bureaucracy, it's probably worth
considering whether it should be mandatory in light of the problem
under discussion.)

>From here we can both extend the information we keep about patches and
write some tools for tracking and displaying that information so that
folks can examine the patch status of a package without having to read
the specfile or pulling patches from CVS.

 - J<

References:
- The Debian/Ubuntu SSL bug
  - From: Greg DeKoenigsberg

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]