Extras errata

[Josh Bressers]

> On Thu, 2006-06-29 at 17:15 -0400, Josh Bressers wrote:
> > Hi everyone,
> > 
> > I finally checked in an extras errata generation system.  It's rather
> > trivial.  I've been sitting on this for a few weeks and just haven't had
> > time to clean it up enough to commit it.
> 
> And now we've sat on it a bit more, no announcements sent :(.  Let's try
> to improve.

Indeed.  Sadly I've had a terribly hectic July and it's still not over.  We
shall have to have a discussion next week regarding how to best handle this
moving forward.  The hardest part is that there isn't a nice way to tell
when a package has been built and pushed.  Ideally the bug gets updated,
but that's not always the case.

> 
> > Now we have to think about how editing should be handled.  I'm thinking at
> > least one other team member should approve an errata before it gets mailed.
> > 
> > Thoughts?
> 
> Works for me.  As a general rule, who mails it?  The package maintainer?
> The 1st or 2nd security team member handling the issue?

I'm thinking the person who has taken responsibility for the issue in
question should also send the mail.  This is up for discussion of course.

> 
> It might not be a bad idea to add a "CVE ID(s):" placeholder somewhere
> in the template so that info is more likely to be included in the
> announcement.

I agree with this.  I'll take a look next week, if nobody else does it
first.

-- 
    JB