I read the policy [0] as "major (bug | security) fixes", and the CVE is only rated as moderate [1]. Should the policy be read as "(major bug | any security) fixes"? I am not opposed to building the update on F31 as well.
[0] https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#all-other-updates [1] https://access.redhat.com/security/cve/CVE-2020-13962 On Thu, Sep 24, 2020 at 11:17 AM Ian McInerney <ian.s.mciner...@ieee.org> wrote: > > In your original email you said that this resolves CVE bug [1], which says in > it: > > "NOTE: this issue affects multiple supported versions of Fedora. While only > one tracking bug has been filed, please correct all affected versions at the > same time. If you need to fix the versions independent of each other, you > may clone this bug as appropriate." > > That to me sounds like the CVE should be patched in F31 as well - so since > this update fixes it, the update would be suitable for F31. > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1849735 > > -Ian > > On Thu, Sep 24, 2020 at 5:01 PM Carl George <c...@redhat.com> wrote: >> >> F32 is fine by me. Based on the updates policy [0], I don't believe >> this update qualifies under the "major bug fixes and security fixes" >> restriction for the previous stable release. >> >> [0] >> https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#all-other-updates >> >> On Wed, Sep 23, 2020 at 2:54 PM Richard Shaw <hobbes1...@gmail.com> wrote: >> > >> > On Wed, Sep 23, 2020 at 2:42 PM Carl George <c...@redhat.com> wrote: >> >> >> >> Yes, the patch is from an upstream pull request [0] that has already >> >> been merged to the master branch [1] and is planned to be included in >> >> their next release [2] (it's not part of the current 1.3.2 tag). The >> >> pull request includes a comment linking to said pull request, per the >> >> packaging guidelines [3]. Mumble's traditional push-to-talk >> >> functionality doesn't work under Wayland; this patch adds dbus calls >> >> that can be mapped to keyboard shortcuts as a workaround. I've built >> >> it like this in COPR [4] and it's worked great for me so far. >> > >> > >> > So next, question... Do builds need to be performed all the way back to >> > f31, or is f32 okay? >> > >> > Thanks, >> > Richard >> > _______________________________________________ >> > devel mailing list -- devel@lists.fedoraproject.org >> > To unsubscribe send an email to devel-le...@lists.fedoraproject.org >> > Fedora Code of Conduct: >> > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> > List Archives: >> > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org >> >> >> >> -- >> Carl George >> _______________________________________________ >> devel mailing list -- devel@lists.fedoraproject.org >> To unsubscribe send an email to devel-le...@lists.fedoraproject.org >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org -- Carl George _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
