On Sun, 31 Oct 2010 04:37:38 +0100, Kevin wrote:
> Martin Stransky wrote:
>> there's a new Firefox update waiting in Bodhi and we can't push it to
>> stable because of new rules. We recommend you to update to it ASAP as it
>> fixes a public critical 0day vulnerability
>> (
https://bugzilla.mozilla.org/show_bug.cgi?id=607222).
>
> Looks like the F13 build got karma quickly enough to land directly in stable
> after all, the F12 build, on the other hand, was stuck in testing for 2 days
> before finally making it out to stable. Yet another blatant example of
> failure of the Update Acceptance Criteria, needlessly exposing our users to
> critical vulnerabilities.
>
> (And no, by giving yet another special exception to Firefox wouldn't be a
> solution. ;-) This problem can hit any other app as well.)
>
> Kevin Kofler
Okay, feedback time.
Lately, there have been several attempts at urging proventesters (and not
just testers in general) to give positive karma for aging critpath updates.
It also has been decided by someone (or maybe even a comittee) to spam
proventesters daily with "[old_testing_critpath]" messages for all three
dist releases, with no day to unsubscribe from that (other than leaving
proventesters group, which is what at least one person has threatened with,
or filtering those messages).
Dunno about other testers (and there aren't many yet), but I have abandoned
F-12 long ago due to lack of time when F-13 became the one to use on a daily
basis. And some time before F-14 Beta, my desktop has been switched to boot
F-14 by default. That's the only opportunity to evaluate F-14 early and
possibly find issues prior to its release. On the contrary, most of Fedora's
users will wait for the final release, and many users will wait even longer.
It's highly likely that bugzilla can confirm that.
F-14 is the the only way forward, and don't like to spend time on F-13 and
older anymore. That also applies to packagers I maintain or monitor. I simply
don't see the user base [target group] anymore.
About positive karma in bodhi, I don't feel comfortable signing off
arbitrary updates just because they didn't crash for me after five
minutes. With some updates, regression has slipped through already.
And the more bugs an update addresses with either patches or a version
upgrade, the more careful I would like to be when testing something.
Also, in my book, an update working on F-14 may still malfunction on an
older dist release due to differences in dependences and the core setup. I
still don't understand why some non-security updates are rushed out with
sometimes not even the package maintainer(s) having tested them at all.
I am willing to work with the older, still supported, distros, but would
really appreciate test cases since most of the critical-path bugs the
update addresses are not common and I haven't run into them. That said,
if the update remains without karma, the release is within a month of
end-of-life, then the update could be left in updates testing and docs
changed to provide a warning. I don't think there would be that much
impact on storage to keep an updates-testing repo around on the mirrors
that choose to provide the release. Most just delete the release anyway.
Regards,
OldFart