From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2011-August/007521.html | 120 +++++++++++++++++++++++++++++ 1 file changed, 120 insertions(+) create mode 100644 zarb-ml/mageia-dev/2011-August/007521.html (limited to 'zarb-ml/mageia-dev/2011-August/007521.html') diff --git a/zarb-ml/mageia-dev/2011-August/007521.html b/zarb-ml/mageia-dev/2011-August/007521.html new file mode 100644 index 000000000..3ed76fcd3 --- /dev/null +++ b/zarb-ml/mageia-dev/2011-August/007521.html @@ -0,0 +1,120 @@ + + + + [Mageia-dev] Status report for Mageia 1 updates, and call for help from you packagers + + + + + + + + + +

[Mageia-dev] Status report for Mageia 1 updates, and call for help from you packagers

+ Samuel Verschelde + stormi at laposte.net +
+ Thu Aug 25 19:12:26 CEST 2011 +

+
+ +
Le jeudi 25 août 2011 14:09:26, Stew Benedict a écrit :
+> On 08/24/2011 08:50 PM, Samuel Verschelde wrote:
+> > Hi,
+> > 
+> > I was told that QA Team's work's visibility needs to be improved, so as a
+> > team member I'll try to give you some sort of status report.
+> > 
+> > - 1 has been validated by QA one month ago, but was assigned to security
+> > team following updates policy for security fixes, and got not answer. We
+> > have to improve either the policy or the security team here (or both).
+> 
+> Do you have a pointer to this bug? I'm not finding it in bugzilla. I'm
+> not sure what I can do with it once assigned back to secteam, aside from
+> write an advisory text. I don't have admin rights to release it, etc.
+> (afaik). It was basically my understanding that the secteam role is to
+> initiate the bug, provide patches, POC, and advisory text and the
+> maintainer do the update and pass it on to QA. I've stopped even
+> intiating because they are just sitting there in the new/unassigned
+> state. some for 2 months or more now. While a shiny new KDE is nice, not
+> pushing updates for published vulnerabilities makes us look bad, imho.
+
+It's https://bugs.mageia.org/show_bug.cgi?id=2239
+
+I think the initial idea in the updates policy is that security fixes have to 
+be tested by secteam to ensure that the security problem is not there anymore, 
+because sometimes the upstream or the packager fixes it in a wrong way or does 
+a mistake, so we need to ensure the security problems are really fixed. 
+Otherwise we risk saying that a security issue is fixed when it's not. 
+Obviously, this can't happen if the security team doesn't grow. Maybe some 
+kind of joint effort from security and QA could help ?
+
+I already know updates that have been pushed without the security fixes being 
+tested.
+
+Also, the security bugs being open in bugzilla and not adressed by the 
+packagers is a really big issue, that we have to find a way to fix as soon as 
+possible. Can you give us a link to the list of pending security issues ?
+
+Best regards
+
+Samuel Verschelde
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1
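Review bot: The header block at the top of the new 007521.html publishes the poster's address as "stormi at laposte.net", and the "at" substitution is trivially reversed by an address harvester. Confirm that committing these archives to a repository browsable through cgit is intended, or drop the address line during the import. The commit message "Add zarb MLs html archives" also does not say where the archives were exported from or how they were generated. A line naming the source would let the 120 added lines be checked against the original list archive.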