[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)

Fri Jul 6 02:34:02 CEST 2012

Guillaume Rousse wrote:
+> So, before any further contribution from my side, I'd like the people in 
+> charge of security updates to find some internal agreement about what 
+> kind of help they expect from other people exactly. If that's just to 
+> push a non-discussable list of changes into spec files, they could as 
+> well ask for SVN commit and package submission rights, to do it 
+> directly. This would avoid a large amount of anger and frustration for 
+> everyone.
+
+Nobody is in charge, which is part of the problem.  I think a lot of us packagers come from Mandriva 
+where we were used to Oden being in charge of updates for stable distros, and therefore not having 
+to worry about it.  We are a community distro, we have no paid security manager.  It is all of our 
+responsibility to do security updates for stable distros.
+
+As far as what kind of help is expected, it varies per bug really.  Some of them have maintainers 
+that might want to give input.  Some I would like to know from someone else more experienced or who 
+has more at stake in a package how to handle an update when there are choices.  Sometimes other 
+distros have pushed an updated (bugfix-only) version, or patched other bugs as well, rather than 
+just patched the security bug.  Based on my descriptions in my e-mail and comments in the bugs, you 
+can see some of those that I'd just like some advice.  Others are more complicated or packages that 
+I don't know anything about.  Bottom line is, the ones I've asked about, there's some reason I 
+haven't just done it myself.  Any help you can offer is appreciated.  If you want clarification on 
+any particular one what I need, please just ask me.
+
+