|| ||Matthew Miller <mattdm-AT-mattdm.org>|
|| ||Discussion of the Fedora Legacy Project <fedora-legacy-list-AT-redhat.com>|
|| ||Re: so, we've got FC2 now...|
|| ||Tue, 12 Apr 2005 11:02:50 -0400|
On Tue, Apr 12, 2005 at 05:14:26PM +0300, Pekka Savola wrote:
> So.. Why do we want these bugs? If Fedora didn't fix them while they
> had the responsibility, they surely shouldn't be shorned in our
> direction either ?
Um, because some of them are security bugs that they never got around to
fixing. That's kind of annoying (Fedora security process definitely seems to
be disturbingly low priority -- see the perl-suid buffer overflow trivial
root exploit, for example) but I don't really care whose responsibility it
ought to be, since there are people who are depending on us to make
available patches to secure their systems.
I think all the non-security FC2 bugs should be closed as WONTFIX, with the
"Fedora Core 2 is now maintained for security updates only by the Fedora
Legacy project. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC4 test release, reopen and change the
version to match."
But I am a bit reluctant to do this to 1100+ bugs without some general
agreement that this is a good idea.
Matthew Miller firstname.lastname@example.org <http://www.mattdm.org/>>
Boston University Linux ------> <http://linux.bu.edu/>>
fedora-legacy-list mailing list
to post comments)