Thanks for the support. I will start to post more review requests, maybe post them on discourse too...
Currently there is https://bugzilla.redhat.com/show_bug.cgi?id=2163472 (base64) which I opened 1 year ago. Jens On Fri, Feb 16, 2024 at 3:54 AM Christopher Klooz <py0...@posteo.net> wrote: > On 14/02/2024 17.35, Michel Lind wrote: > > As a pandoc user, I'm happy to help with any reviews. Is there a list > where this tends to get posted, apart from devel? > > Thanks, > > Michel > > Once the package needs a review, the request should be found here: > http://fedoraproject.org/PackageReviewStatus/ > > Details of the roles of "contributor" and "reviewer" in the "package > review process" can be found here: > https://docs.fedoraproject.org/en-US/package-maintainers/Package_Review_Process/ > (based upon its history, I expect this page is kept updated but I don't > know for sure) > > According to the elaboration, you need to be in the FAS packager group, > even for reviews. > > On Fri, Feb 09, 2024 at 11:26:33PM +0800, Jens-Ulrik Petersen wrote: > > I should also have added there's an increasing amount of technical debt > with the pandoc packaging - I guess I need to beg people to help with > package reviews: also reminded of our packaging (review) streamlining > discussion from Flock last year. > > Jens > > On Fri, 9 Feb 2024, 23:23 Jens-Ulrik Petersen, <peter...@redhat.com> > <peter...@redhat.com> wrote: > > > Hello I am here - thanks for contacting me. > > I was hoping to cover this as part of my F40 Change, but unfortunately I > haven't gotten to it, so the Change is now at risk of being deferred to F41. > > Nevertheless I will see what I can do about this for F40: maybe a backport > can also be done for F39. > > Next time you could also comment on the relevant > bug:https://bugzilla.redhat.com/show_bug.cgi?id=1996301 - that would be > appreciated. > > Thanks, Jens > > PS Special thanks to Neal Gompa for pinging me in Matrix. 🙏 > > > On Fri, 9 Feb 2024, 20:05 Christopher Klooz, <py0...@posteo.net> > <py0...@posteo.net> wrote: > > > I cannot reach the maintainer petersen (see mail below): The package > "pandoc" remains at 3.1.3 in Fedora, but pandoc is already at 3.1.11.1. > Among the updates since 3.1.3, there have been two security-critical > (including the medium CVE-2023-35936. Security fixes are in 3.1.4 & 3.1.6). > > The actual risk is limited, but these should be updated nevertheless. > > Does anyone know how to reach him by other means? > > Regards, > Chris > > > -------- Forwarded Message -------- > Subject: Fedora package "pandoc" outdated and contains security > vulnerability > Date: Thu, 1 Feb 2024 15:55:09 +0100 > From: py0...@posteo.net > To: peter...@fedoraproject.org > > Hi petersen, > > I am reaching out because of the package "pandoc", which you maintain. > > I have seen that the package is still at version 3.1.3 [1] when I tried > to install it with dnf, whereas the current version is 3.1.11.1 [2]: is > this intended or an accident? > > It has to be noted that the updates that have been added in the meantime > contain fixes for security vulnerabilities (at least CVE-2023-35936; I have > just roughly skimmed the changelogs). So at the moment, it seems the Fedora > build can be exploited by attackers in some circumstances [3] [4] because > it is still at 3.1.3. > > Regards & thanks for maintaining, > > Chris > > [1] https://koji.fedoraproject.org/koji/packageinfo?packageID=11560 > > [2] https://hackage.haskell.org/package/pandoc &https://github.com/jgm/pandoc > > [3] https://github.com/jgm/pandoc/releases?page=1 > > [4] https://github.com/jgm/pandoc/releases?page=2 > > -- > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of > Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List > Archives:https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report > it:https://pagure.io/fedora-infrastructure/new_issue > > -- > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > > > -- > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > > -- > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > -- Jens Petersen *he/him/his* Associate Manager, Software Engineering Display Systems Group & RHEL i18n Subsystem Core Platforms - Global/Product Engineering Singapore <https://www.redhat.com>
-- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue