Security testing

Kamil Paral kparal at redhat.com
Thu Aug 4 11:53:33 UTC 2011


> > Honestly, I don't know. On the one hand, I have some scripts that
> > are good for fedora
> > QE in general. For example, the shell error test...why would anyone
> > purposely write
> > shell script that does not work? This can always be fixed before a
> > release. Some tests
> > are still under development like the ELF binary well known tmp file
> > test. This can make
> > some false positives, but there are enough good things in it to
> > start asking real
> > questions about packages...like.../home/cagney/tmp/a.out...why is
> > that in any program?
> > But the chroot tests are solid. As are the exec stack tests. So, yes
> > there are things
> > that can be automated so problems are not shipped.
> 
> Awesome. CCing autoqa-devel on the reply, then; is anyone from AutoQA
> willing to work with Steve to take a look at his tests and identify
> good
> candidates for bringing into AutoQA? Thanks!

I'll reply by describing the current state of AutoQA. I'm afraid we're not there yet.

I don't know how Steve's tests behave, but:
1. We can't run destructive tests (uninstalling packages, deleting system files, stopping services).
2. We can help Steve create the AutoQA wrappers for those tests, but we can't maintain the very tests themselves, obviously. He has to do that.
3. Unfortunately we don't have an infrastructure for third-party test maintainers. Currently the tests have to be in our git, that means he has to send any changes in patches. We deploy new version only once in several weeks at best.
4. I suppose these tests would run after each koji build. The only way of reporting results right now is to send emails for those maintainers that opted-in for this, nothing else.

That said, we would love to execute more tests for Fedora. But until the proper support is ready, it takes quite some effort. The first approach is go through the tests, select some appropriate ones and do that now. The second approach is wait some time until we are ready and then Steve can maintain these tests independently and we just execute them. We will of course create a ticket about that and follow on it when that time comes.


More information about the test mailing list