On 29. 01. 20 22:49, Richard W.M. Jones wrote:
On Wed, Jan 29, 2020 at 10:26:56PM +0100, Miro Hrončok wrote:
Here is an initial (albeit randomly generated) proposal of X and Y:
severity CRITICAL/HIGH MEDIUM LOW
X 2 4 6
Y 2 4 6
In RHEL, low impact security bugs wouldn't normally be fixed until the
next minor release, which would be 6-12 months after the issue is
reported. I don't think it's valuable to badger packagers about bugs
that have "minimal consequences" to use the terminology from
https://access.redhat.com/security/updates/classification
My idea was that within half a year, it should be wither fixed or CLOSED as
WONTFIX or UPSTREAM. If we don't agree, I'm completely fine making it 12 months
or even ignore such bugs in the policy entirely.
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
