Re: Security release criterion proposal | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
On Thu, 2011-05-19 at 10:00 +0800, Eugene Teo wrote: > I say, local privilege escalations with publicly available exploits, and > remotely triggerable vulnerabilities. If such an issue is known before > Final, we should attempt to address it before releasing. Note, a release criterion would have a stronger result: you say 'attempt to address it before releasing', but the effect of a release criterion is that issues which breach it *must* be fixed before we release; the release would slip until it was addressed. If you want a weaker effect, the NTH process (which works off more flexible 'principles' rather than strict criteria) is appropriate: an NTH bug is one for which we will break a release freeze to take a fix, but which doesn't block the release (if a fix isn't ready in time, we still go ahead and release). Once we have consensus on a release criterion - or not having a release criterion - I'll make a follow-up proposal for an NTH principle to cover less serious security issues. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
[Home] [Fedora Legacy List] [Fedora Maintainers] [Fedora Desktop] [Red Hat 9 Bible] [Fedora Bible] [Fedora SELinux] [Big List of Linux Books] [Yosemite News] [Yosemite Photos] [KDE Users] [Coolkey] [Fedora Tools]
