[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Problems with bodhi and security updates



One more thing: you're quick to blame the security team approval process when 
it delays your Fedora 8 update, but this is already the third update you're 
pushing to Fedora 7 updates-testing, with now 2 CVEs fixed, and you appear not 
to have requested a push to stable for any. I know you can't personally test 
the package on all distributions, but this is the case of a security update, 
which should be pushed as soon as possible, not held for testing. If you're 
using the same specfile, chances are the security fix will work on all distros 
if it works on one, and that's really the most important thing in a security 
update. But also in other cases, distro-version-specific breakage is rare, it 
usually only happens if the different Fedora versions are patched differently 
and for one the patch is broken or not applied properly. In this case, 
everything is updated to the latest upstream version (which includes the 
patches already), so any breakage will (usually) be seen the same way 
everywhere, it doesn't make sense to make it wait longer for some versions than 
for others.

Many maintainers don't even test their NON-security updates on all Fedora 
versions before they push them. (Hey, you're lucky if they even tested it on 
ANY distro. ;-) ) You may think that's a bad idea, but at least for security 
updates, I think getting it out quickly is more important.

        Kevin Kofler


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]