The EPEL incompatible upgrades policy includes a parenthetical comment on point 2 "need some way to short-circuit this for critical security updates - i.e. remote root". I propose that that if one EPEL Steering Committee member gives permission, the package maintainer may go ahead and submit the update to testing while discussion continues. In addition I propose that it be applicable for updates fixing high severity vulnerabilities in addition to critical.
I think this is important because upstream has to announce these updates publicly before they can be discussed, and it would be in the best interest of users who want to immediately apply a security update to have an easy place to get it, the epel-testing yum repository.
Metadata Update from @carlwgeorge: - Issue tagged with: meeting
We talked about this in the last EPEL Steering Committee meeting. It was agreed that high and critical security fixes could go into -testing earlier. I will be writting a pull request that has a re-written policy proposal. We'll use that as a starting point for discussions and re-writes at our next meeting.
Here is the pull request https://pagure.io/epel/pull-request/231
PR has been merged, so I think this is resolved.
Metadata Update from @carlwgeorge: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open) - Issue tagged with: meeting
Metadata Update from @carlwgeorge: - Issue untagged with: meeting
Login to comment on this ticket.