[Mageia-dev] Finalizing update process

Ahmad Samir ahmadsamir3891 at gmail.com
Wed Jun 8 23:53:51 CEST 2011


On 8 June 2011 23:40, Anssi Hannula <anssi.hannula at iki.fi> wrote:
> On 08.06.2011 23:23, Ahmad Samir wrote:
>> On 8 June 2011 21:45, Samuel Verschelde <stormi at laposte.net> wrote:
>>> Le mercredi 8 juin 2011 19:39:55, Ahmad Samir a écrit :
>>>
>>>> IMHO, rejection reasons:
>>>
>>>> - The sec team doesn't think the update fixes a serious security
>>>
>>>> vulnerability; so it's not updates but backports
>>>
>>> What about bugfix updates ? I guess fixing a bug is a valid reason for an
>>> update, like it was in Mandriva's updates.
>>>
>>> Regards
>>>
>>> Samuel
>>
>> Right, I probably phrased that one wrongly; I meant:
>> fixes a serious bug, e.g. crashing, segfaulting
>
> I don't think we should exclude non-serious bugs :)
>

Depends, overworking the sec team doesn't look like a good aspect...
(that's why I liked contrib in mdv, I could push an update any time,
without having to go though the bug report -> QA -> Sec team loop).

> (or version updates in some cases, like firefox/opera/flash or updating
> an rc/beta version to a stable one, and maybe some online games that are
> useless unless on latest version)
>

I agree, (except for the games part, nowadays if it's less than 4GB
it's not really a "game").


Maybe the sec team should only work on sec fixes, and there should be
a sub-group of the sec team that handle the not
CVE|crash|segfaulting|buffer-overflow updates.

> --
> Anssi Hannula
>



-- 
Ahmad Samir


More information about the Mageia-dev mailing list