Date: Tue, 10 Aug 2010 17:14:04 +0000 (UTC) From: "Helmut Schneider" <jumper99@gmx.de> To: freebsd-ports@freebsd.org Subject: Re: PRs for Typo3 time out Message-ID: <xn0gxq4ea1qqqn000@news.gmane.org> References: <xn0gxpudy8faoc4000@news.gmane.org> <20100810150433.GB32263@lonesome.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Mark Linimon wrote: > On Tue, Aug 10, 2010 at 10:56:44AM +0000, Helmut Schneider wrote: > > in the past I created a few PRs with patches for important security > > updates for typo3. Unfortunately they all timed out. > > > > What is the time GNATS is waiting for feedback of the maintainer? > > It's 14 days for a normal update or bugfix. For security problems, > that doesn't matter: they should be fixed as soon as possible. If > the security problem is not serious, I think it's fair to notify the > maintainer before the commit; otherwise, it can go in immediately. > > > Does it make a difference if importance and/or severity are raised? > > No, not really. The values of these have been so over-set in GNATS > that the only people that notice them are the bugbusting team. I try > to keep the Severity=critical ones in order, but everything else is > meaningless. > > > IMHO it is a problem if important security fixes are approved only > > after a 14-day-or-more timeout. Are there mechanisms to avoid such a > > delay? > > a) you can try adding "[security]" to the Synopsis line; this may help > make it more visible. > > b) I will email the maintainer and ask if he is willing to transfer > maintainership to you. Me?! Huh! What does that mean? :) I mean, what if I run into problems? > In general, if people are having problems with how individual ports > are maintained, they should email portmgr@FreeBSD.org and bring it to > our attention directly. Thanks. I didn't mean to blame others, I'm just concerned about security.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xn0gxq4ea1qqqn000>