[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security fixes in Extras



> Because I maintain a package (denyhosts) which contains a daemon that
> runs continuously as root, the issue of how to handle security fixes
> for packages in extras interests me greatly.
>
> Some questions:
>
> Is there any defined procedure for handling security fixes?

No.

> What if the maintainer is out of pocket?

Others with CVS access should make the fix in cases like this.

> If I need to push a security fix, is there a way to jump ahead in the
> build queue and expedite the sign and push process?

Not that I know of.  Expediting the sign/push process could be done by
asking someone with access to the buildsys to do the push I suppose.

> Is there somewhere I could send an update announcement?

Here is the best place I think.  There is no fedora-extras-announce list.

Now the real question is, should there be some sort of defined policy for
security fixes?

josh


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]