Urgent: today's F14 catastrophe with openldap-servers update

[Adam Williamson]

On Tue, 2010-11-23 at 18:21 +0100, Ralf Corsepius wrote:

> > Why was this update made on F14 in the first place?
> >
> IMO, this is the wrong question.
> 
> The better questions would be - How could it happen, this package made 
> it into updates, dispite all this QA bureaucracy is in place?

Remember, critpath testing is intended to ensure that *critical path
functionality* is not broken. The LDAP functionality that's critpath is
_client_ functionality, not server functionality: if you run in an LDAP
environment you need the openldap client functionality to log in.

So it was the client functionality that was tested by those who approved
the update, mostly:

"jhrozek - 2010-11-18 13:24:44
This update fixed both #652315 and #652304 for me. So far no
regressions." (they're both client-side bugs)

"jlaska (proventesters) - 2010-11-18 21:16:59
I've tested the client in my existing SSSD setup. I've done some *basic*
testing of slapd and related binaries to ensure they can survive basic
execution"

I've said before that the critpath process does not ensure, nor does it
aim to ensure, that nothing that goes through the critpath testing ever
has problems, or regressions; what it aims to ensure is that the
critical path functionality isn't broken. Of course, given the laws of
Murphy and Sod, even this is not a guarantee, it's just what the process
aims for.

(You can look at this as ammo for the other side, too: the maintainer
did a version bump that looked perfectly reasonable to him, as he
explained at length...yet it turns out to have a significant problem.
This is a good example of why, if you want a truly stable release
process, you don't do even updates that look perfectly safe unless
they're really needed, and you test the updates as far as is practical.)
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net