Bug details: ** https://bugzilla.redhat.com/show_bug.cgi?id=2405239 ** Information from BlockerBugs App:
The votes have been last counted at 2025-10-23 00:42 UTC and the last processed comment was #comment-990499
To learn how to vote, see: https://pagure.io/fedora-qa/blocker-review A quick example: BetaBlocker +1 (where the tracker name is one of BetaBlocker/FinalBlocker/BetaFE/FinalFE/0Day/PreviousRelease and the vote is one of +1/0/-1)
BetaBlocker +1
BetaBlocker
FinalBlocker
BetaFE
FinalFE
0Day
PreviousRelease
+1
0
-1
FinalBlocker +1
FinalBlocker -1
I guess we should improve our security criterion because it only talks about CVEs that Red Hat rated, and if the package is not in RHEL, then we have no guidance.
At this moment, let's push it "just to be safe": FinalFE +1
I'm not decided regarding the blocker vote right now.
FinalFE +1
I guess we should improve our security criterion because it only talks about CVEs that Red Hat rated
No it doesn't. It says "The release must contain no known security bugs of 'important' or higher impact according to the Red Hat severity classification scale..."
It doesn't say that we must use an evaluation that Red Hat has done. It just says that we must evaluate the issue using the Red Hat scale. If Red Hat does that for us, great. If not, well, the scale is a public document and we have eyes and brains.
Based on my evaluation in the bug report: FinalBlocker -1 as I don't believe the release-blocking images are practically affected by this issue.
Metadata Update from @blockerbot: - Issue status updated to: Closed (was: Open)
Release F43 is no longer tracked by BlockerBugs, closing this ticket.
Log in to comment on this ticket.