[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)

David Walser luigiwalser at yahoo.com
Fri Jul 6 02:34:02 CEST 2012


Guillaume Rousse wrote:
> So, before any further contribution from my side, I'd like the people in 
> charge of security updates to find some internal agreement about what 
> kind of help they expect from other people exactly. If that's just to 
> push a non-discussable list of changes into spec files, they could as 
> well ask for SVN commit and package submission rights, to do it 
> directly. This would avoid a large amount of anger and frustration for 
> everyone.

Nobody is in charge, which is part of the problem.  I think a lot of us packagers come from Mandriva 
where we were used to Oden being in charge of updates for stable distros, and therefore not having 
to worry about it.  We are a community distro, we have no paid security manager.  It is all of our 
responsibility to do security updates for stable distros.

As far as what kind of help is expected, it varies per bug really.  Some of them have maintainers 
that might want to give input.  Some I would like to know from someone else more experienced or who 
has more at stake in a package how to handle an update when there are choices.  Sometimes other 
distros have pushed an updated (bugfix-only) version, or patched other bugs as well, rather than 
just patched the security bug.  Based on my descriptions in my e-mail and comments in the bugs, you 
can see some of those that I'd just like some advice.  Others are more complicated or packages that 
I don't know anything about.  Bottom line is, the ones I've asked about, there's some reason I 
haven't just done it myself.  Any help you can offer is appreciated.  If you want clarification on 
any particular one what I need, please just ask me.



More information about the Mageia-dev mailing list