Re: so, we've got FC2 now...
[Posted April 13, 2005 by corbet]
| From: |
| Matthew Miller <mattdm-AT-mattdm.org> |
| To: |
| Discussion of the Fedora Legacy Project <fedora-legacy-list-AT-redhat.com> |
| Subject: |
| Re: so, we've got FC2 now... |
| Date: |
| Tue, 12 Apr 2005 11:02:50 -0400 |
On Tue, Apr 12, 2005 at 05:14:26PM +0300, Pekka Savola wrote:
> So.. Why do we want these bugs? If Fedora didn't fix them while they
> had the responsibility, they surely shouldn't be shorned in our
> direction either ?
Um, because some of them are security bugs that they never got around to
fixing. That's kind of annoying (Fedora security process definitely seems to
be disturbingly low priority -- see the perl-suid buffer overflow trivial
root exploit, for example) but I don't really care whose responsibility it
ought to be, since there are people who are depending on us to make
available patches to secure their systems.
I think all the non-security FC2 bugs should be closed as WONTFIX, with the
note:
"Fedora Core 2 is now maintained for security updates only by the Fedora
Legacy project. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC4 test release, reopen and change the
version to match."
But I am a bit reluctant to do this to 1100+ bugs without some general
agreement that this is a good idea.
--
Matthew Miller mattdm@mattdm.org <http://www.mattdm.org/>>
Boston University Linux ------> <http://linux.bu.edu/>>
--
fedora-legacy-list mailing list
fedora-legacy-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-legacy-list
