On Wed, Jun 30, 2010 at 8:37 PM, Stephen Gallagher <sgallagh(a)redhat.com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/30/2010 03:29 PM, Tom Lane wrote:
> Will Woods <wwoods(a)redhat.com> writes:
>> On Wed, 2010-06-30 at 15:04 -0400, Tom Lane wrote:
>>> Yes I can. I have two critpath packages that are in testing with
>>> security bugs, both pretty small and easy to test, and both still have
>>> karma zero. That seems to me to be adequate proof that there's not the
>>> manpower out there to do this.
>
>> Have you actually asked anyone to test it? Or even considered
>> *mentioning the names of the packages* so maybe someone here could help?
>
> I mentioned libtiff in my first comment in this thread. The other one
> is libpng. But in any case, are maintainers supposed to have to scare
> up testers on their own? Especially for packages that are supposed to
> be so central as to be critpath? If there aren't testers coming out of
> the woodwork, this scheme is doomed to failure.
>
> regards, tom lane
A suggestion: when critical path updates hit updates-testing, a
notification should go to both devel(a)lists.fedoraproject.org and
qa(a)lists.fedoraproject.org to encourage testing.
I think a daily digest to test@ and qa@ would be better, I'm sure the
last thing people need is more than one extra email a day. If its a
security issue maybe an individual email would be worthwhile but even
then there's only one push a day.
Peter
Peter