Bodhi 0.7.5 release
pbrobinson at gmail.com
Wed Jun 30 19:50:01 UTC 2010
On Wed, Jun 30, 2010 at 8:37 PM, Stephen Gallagher <sgallagh at redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 06/30/2010 03:29 PM, Tom Lane wrote:
>> Will Woods <wwoods at redhat.com> writes:
>>> On Wed, 2010-06-30 at 15:04 -0400, Tom Lane wrote:
>>>> Yes I can. I have two critpath packages that are in testing with
>>>> security bugs, both pretty small and easy to test, and both still have
>>>> karma zero. That seems to me to be adequate proof that there's not the
>>>> manpower out there to do this.
>>> Have you actually asked anyone to test it? Or even considered
>>> *mentioning the names of the packages* so maybe someone here could help?
>> I mentioned libtiff in my first comment in this thread. The other one
>> is libpng. But in any case, are maintainers supposed to have to scare
>> up testers on their own? Especially for packages that are supposed to
>> be so central as to be critpath? If there aren't testers coming out of
>> the woodwork, this scheme is doomed to failure.
>> regards, tom lane
> A suggestion: when critical path updates hit updates-testing, a
> notification should go to both devel at lists.fedoraproject.org and
> qa at lists.fedoraproject.org to encourage testing.
I think a daily digest to test@ and qa@ would be better, I'm sure the
last thing people need is more than one extra email a day. If its a
security issue maybe an individual email would be worthwhile but even
then there's only one push a day.
More information about the devel