Stephen Gallagher wrote:
> Generally, whenever Node.js issues a security release, they do so for
> multiple issues simultaneously. When Product Security then goes and creates
> Bugzilla tickets, they create many (sometimes up to five bugs per CVE). It
> becomes nearly impossible to keep up with the bug maintenance in such
> situations. The process is just too heavyweight and I often end up just
> doing the upstream releases and ignoring the BZs.
>
> If we want this to be more accurate, we really need to have a more
> streamlined and/or automated solution for these issues.

Of course, the real solution would be decent code quality upstream, so that security fixes would be rare, not come in heaps.

Björn Persson

devel mailing list -- devel@lists.fedoraproject.org