[Mageia-dev] Status report for Mageia 1 updates, and call for help from you packagers
dmorganec at gmail.com
Thu Aug 25 15:07:05 CEST 2011
On Thu, Aug 25, 2011 at 2:09 PM, Stew Benedict <stewbintn at gmail.com> wrote:
> On 08/24/2011 08:50 PM, Samuel Verschelde wrote:
>> I was told that QA Team's work's visibility needs to be improved, so as a
>> member I'll try to give you some sort of status report.
>> - 1 has been validated by QA one month ago, but was assigned to security
>> following updates policy for security fixes, and got not answer. We have
>> improve either the policy or the security team here (or both).
> Do you have a pointer to this bug? I'm not finding it in bugzilla. I'm not
> sure what I can do with it once assigned back to secteam, aside from write
> an advisory text. I don't have admin rights to release it, etc. (afaik). It
> was basically my understanding that the secteam role is to initiate the bug,
> provide patches, POC, and advisory text and the maintainer do the update and
> pass it on to QA. I've stopped even intiating because they are just sitting
> there in the new/unassigned state. some for 2 months or more now. While a
> shiny new KDE is nice, not pushing updates for published vulnerabilities
> makes us look bad, imho.
i agree on this point, and this is really something we need to improve quickly
More information about the Mageia-dev