[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Problems with bodhi and security updates



On Sun, Jan 27, 2008 at 11:09:08PM +0200, Ville Skyttä wrote:
> On Sunday 27 January 2008, Luke Macken wrote:
> >
> > This extra security approval step exists to ensure that someone on the
> > security team looks at your update and makes sure that it contains all
> > of the relevant bugs, [...]
> 
> Thanks Luke, this is helpful.  If it's desirable to get all those things done 
> for security updates before they enter repos, I understand that it will slow 
> them down.  I still don't like it though.  Is there an estimate how much that 
> is/will be on the average?

I have no idea how much this will slow things down, we'll find out
though.  At the moment the security team uses lots of black magic to get
their job done, from maintaining a flat file in CVS to track issues, to
writing a Bugzilla perl module to do bug cloning.  I'm hoping that this
integration with our update process will help improve this process and
open it up to more contributors.

The biggest bottleneck in the process currently is not waiting for
security approval, but waiting for releng to sign the updates.  We're
hoping to have the signing server in place by F9 or shortly thereafter,
so that will definitely help speed things up *alot*.

> BTW, should I have been aware of the process change, was it announced 
> somewhere?

I'm not quite sure.  The TrackingBugs page went from Lubomir's namespace
to Security, so I'm assuming it went through FESCo approval?

> > [0]: http://fedoraproject.org/wiki/Security/TrackingBugs
> 
> Link to this page added in PackageMaintainers/UpdatingPackageHowTo.

Awesome, thanks for that.


luke


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]