On Mon, 2004-11-29 at 09:34 +0000, Mark Scott wrote: > Is there some kind of policy on when an update gets merged in with another? > If this continues to happen it can *really* delay the previous fixes. Bug > 2148 has been open since 11th October, which means there has been nearly 2 > months with webservers running an insecure httpd. I don't think there is an official policy, but if packages already have some QA done on them, opening a new bug for newer issues is the best idea. Bug 2148 still needs a rh73 VERIFY for it to get pushed to official updates and then the other vulnerability can be addressed. Marc.
Description: This is a digitally signed message part