On 8/12/15, Andrew Lutomirski <l...@mit.edu> wrote: > IMO it would be really really neat if Fedora could deterministically > rebuild whatever binary Mozilla distributes and have a binary > identical package. > > /me stops daydreaming > > I think that, in general, Fedora is too slow about turning a security > update submitted to stable via Bodhi into an actual available update. > For high-profile things like Firefox, we're pretty good about getting > karma, but even that depends on people manually installing an update > that isn't actually available in updates-testing so they can give it > karma.
Delay from package manager can't be avoided, signing, mirroring, testing, building... But for some popular packages we should open a seperate channel to push them immediately after successful koji build(also marked as ok for push from packager). Firefox and chromium are hitting exploits always. /daydreaming as well. -- Yours sincerely, Christopher Meng http://awk.io -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
