Fedora Moves Ahead With Plans To Drop Packages Having Bad Security Practices

Written by Michael Larabel in Fedora on 27 August 2018 at 03:53 PM EDT.
The Fedora Engineering and Steering Committee (FESCo) has signed off on plans to drop packages with consistently bad security records.

This is aimed at removing packages from the Fedora package archive that have known security issues open against them that are not addressed in a timely manner. Per today's FESCo meeting minutes, the protocol they agreed upon is:
If a CRITICAL or IMPORTANT security issue is currently open against a package, or a security issue of lower severity has been open for at least 6 months, four weeks before the branch point a procedure similar to long-standing FTBFS will be triggered immediately, with 8 weeks of weekly notifications to maintainers and subsequent orphaning and then subsequent removal from distribution.

This will apply to all Fedora packages moving forward.

FESCo also approved today the renaming of Fedora Atomic Workstation to Fedora Silverblue. But if it's not done in time this could be delayed to Fedora 30.