On Tue, Jun 28 2022 at 03:29:33 PM +0200, Zbigniew Jędrzejewski-Szmek
<zbys...@in.waw.pl> wrote:
We can treat this as an experiment. The hope is that Java upstream is
big enough to be able to release updates for any CVEs in a timely
manner,
and that the RHEL/Fedora maintainers are able to provide updates in a
timely
manner. If it turns out this is not the case, we can unbundle again.
I hope the Java maintainers ensure the RPM has proper Provides:
bundled(foo) for each bundled library, including bundled dependencies
of bundled libraries, so that Product Security can track CVEs. The
FESCo approval to bundle should be contingent on adherence to this
existing Fedora policy.
Michael
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
