On Fri, Jan 20, 2023 at 04:47:05PM +, Gary Buhrmaster wrote:
> On Fri, Jan 20, 2023 at 3:48 PM Richard Shaw wrote:
>
> > I think in practical terms that makes sense but our tools don't really help.
>
> I agree, and that seems to be an artifact of
> the single Fedora component in RHBZ, which
On Fri, Jan 20, 2023 at 2:29 PM Demi Marie Obenour
wrote:
>
> My general rule is that a security fix is worth backporting a SONAME change
> for, if there is no way to backport the patch.
>
In this case all the Fedora branches are recent enough but EL 7 and EL 8
are not and are impractical to fix
On 1/20/23 10:48, Richard Shaw wrote:
> On Fri, Jan 20, 2023 at 9:22 AM Gary Buhrmaster
> wrote:
>
>> On Fri, Jan 20, 2023 at 1:54 PM Richard Shaw wrote:
>>>
>>> So is it when a build is complete in Rawhide? Or must *ALL* active
>> releases get the "fix"?
>>>
>>
>> I am not sure it is official p
On Fri, Jan 20, 2023 at 4:47 PM Gary Buhrmaster
wrote:
> such as yourself are contentious about
> doing the right thing).
Obviously that word should have been conscientious
(I hate autocorrect).
___
devel mailing list -- devel@lists.fedoraproject.org
T
On Fri, Jan 20, 2023 at 4:53 PM Kevin P. Fleming wrote:
> Small clarification: where you wrote 'component' you meant 'product' :-)
> BZ has both Products and Components, forming two levels. RHEL 7/8/9 are
> Products, on the same level as Fedora.
Thanks. I suppose I should have actually checked
On 1/20/23 11:47, Gary Buhrmaster wrote:
I agree, and that seems to be an artifact of
the single Fedora component in RHBZ, which
treats Fedora as one thing.
I supposed (in theory again) that there could
be a master bugzilla for the CVE which depends
on child bugzillas for each impacted Fedora
re
On Fri, Jan 20, 2023 at 3:48 PM Richard Shaw wrote:
> I think in practical terms that makes sense but our tools don't really help.
I agree, and that seems to be an artifact of
the single Fedora component in RHBZ, which
treats Fedora as one thing.
I supposed (in theory again) that there could
be
On Fri, Jan 20, 2023 at 9:22 AM Gary Buhrmaster
wrote:
> On Fri, Jan 20, 2023 at 1:54 PM Richard Shaw wrote:
> >
> > So is it when a build is complete in Rawhide? Or must *ALL* active
> releases get the "fix"?
> >
>
> I am not sure it is official policy/practice, but in
> theory I would think th
On Fri, Jan 20, 2023 at 1:54 PM Richard Shaw wrote:
>
> So is it when a build is complete in Rawhide? Or must *ALL* active releases
> get the "fix"?
>
I am not sure it is official policy/practice, but in
theory I would think that the CVE is technically
closed when all impacted Fedora releases ge
On Fri, Jan 20, 2023 at 8:54 AM Richard Shaw wrote:
>
> So is it when a build is complete in Rawhide? Or must *ALL* active releases
> get the "fix"?
>
It depends on the severity of the CVE. For High severity ones it
makes sense to fix in all active releases, less so for Medium/Low
CVEs.
hth
S
So is it when a build is complete in Rawhide? Or must *ALL* active releases
get the "fix"?
Thanks,
Richard
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
11 matches
Mail list logo
