On Wed, Jun 30, 2010 at 8:29 PM, Tom Lane <tgl(a)redhat.com> wrote:
Will Woods <wwoods(a)redhat.com> writes:
> On Wed, 2010-06-30 at 15:04 -0400, Tom Lane wrote:
>> Yes I can. I have two critpath packages that are in testing with
>> security bugs, both pretty small and easy to test, and both still have
>> karma zero. That seems to me to be adequate proof that there's not the
>> manpower out there to do this.
> Have you actually asked anyone to test it? Or even considered
> *mentioning the names of the packages* so maybe someone here could help?

I mentioned libtiff in my first comment in this thread. The other one
is libpng. But in any case, are maintainers supposed to have to scare
up testers on their own? Especially for packages that are supposed to
be so central as to be critpath? If there aren't testers coming out of
the woodwork, this scheme is doomed to failure.

I for one hope it's effective. The recent issues with the evolution
show that it's needed! The fact is that people miss things or upstream
will change things they should in a stable release that isn't
expected. Life happens. Worst case, if it's not, is a revert of the bodhi
code that enabled it if it doesn't work.

Peter