PRs for Typo3 time out
Helmut Schneider
jumper99 at gmx.de
Tue Aug 10 17:14:16 UTC 2010
Mark Linimon wrote:
> On Tue, Aug 10, 2010 at 10:56:44AM +0000, Helmut Schneider wrote:
> > in the past I created a few PRs with patches for important security
> > updates for typo3. Unfortunately they all timed out.
> >
> > What is the time GNATS is waiting for feedback of the maintainer?
>
> It's 14 days for a normal update or bugfix. For security problems,
> that doesn't matter: they should be fixed as soon as possible. If
> the security problem is not serious, I think it's fair to notify the
> maintainer before the commit; otherwise, it can go in immediately.
>
> > Does it make a difference if importance and/or severity are raised?
>
> No, not really. The values of these have been so over-set in GNATS
> that the only people that notice them are the bugbusting team. I try
> to keep the Severity=critical ones in order, but everything else is
> meaningless.
>
> > IMHO it is a problem if important security fixes are approved only
> > after a 14-day-or-more timeout. Are there mechanisms to avoid such a
> > delay?
>
> a) you can try adding "[security]" to the Synopsis line; this may help
> make it more visible.
>
> b) I will email the maintainer and ask if he is willing to transfer
> maintainership to you.

Me?! Huh! What does that mean? :) I mean, what if I run into problems?

> In general, if people are having problems with how individual ports
> are maintained, they should email portmgr at FreeBSD.org and bring it to
> our attention directly. Thanks.

I didn't mean to blame others, I'm just concerned about security.