Christopher Aillon wrote:
> You really don't see the value in having the engineers that own the code
> give technical review?

I don't think this should be a requirement for each and every patch to ANY 
Fedora package.

It is generally not necessary and delays fixing bugs a lot.

> Anyway, it's unfortunate that this really isn't done more often.  I
> really think that as a project, we'd be doing a lot better if we
> mandated upstream review before applying patches to any package if you
> aren't an upstream maintainer of the code.  As it is now, it's somewhat
> scary to think how many packagers would take a bugfix patch and apply it
> without being able to figure out if there's a potential hidden exploit
> in it...

And you think the average upstream is any better at this? Seriously?

        Kevin Kofler

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
