Re: so, we've got FC2 now...

[Matthew Miller <mattdm mattdm org>]

On Tue, Apr 12, 2005 at 05:14:26PM +0300, Pekka Savola wrote:
> So.. Why do we want these bugs? If Fedora didn't fix them while they 
> had the responsibility, they surely shouldn't be shorned in our 
> direction either ?

Um, because some of them are security bugs that they never got around to
fixing. That's kind of annoying (Fedora security process definitely seems to
be disturbingly low priority -- see the perl-suid buffer overflow trivial
root exploit, for example) but I don't really care whose responsibility it
ought to be, since there are people who are depending on us to make
available patches to secure their systems.

I think all the non-security FC2 bugs should be closed as WONTFIX, with the
note:

"Fedora Core 2 is now maintained for security updates only by the Fedora
Legacy project. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC4 test release, reopen and change the
version to match."

But I am a bit reluctant to do this to 1100+ bugs without some general
agreement that this is a good idea.


-- 
Matthew Miller           mattdm mattdm org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>