[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: The Debian/Ubuntu SSL bug



>>>>> "GD" == Greg DeKoenigsberg <gdk redhat com> writes:

GD> Are there any steps we can take to protect ourselves from this
GD> kind of mistake -- in which a packager does something dumb to the
GD> package and no one notices it?

Well, we're starting with
  http://fedoraproject.org/wiki/PackagingDrafts/PatchUpstreamStatus
which has been passed by the packaging committee and ratified by
FESCo.  Of course, it's not mandatory, but it's a start.  (And as much
as I hate to think about more bureaucracy, it's probably worth
considering whether it should be mandatory in light of the problem
under discussion.)

>From here we can both extend the information we keep about patches and
write some tools for tracking and displaying that information so that
folks can examine the patch status of a package without having to read
the specfile or pulling patches from CVS.

 - J<


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]