The new Update Acceptance Criteria are broken (was: Re: Heads Up - New Firefox update)

Michael Schwendt mschwendt at gmail.com
Sun Oct 31 07:18:06 UTC 2010


On Sun, 31 Oct 2010 04:37:38 +0100, Kevin wrote:

> Martin Stransky wrote:
> > there's a new Firefox update waiting in Bodhi and we can't push it to
> > stable because of new rules. We recommend you to update to it ASAP as it
> > fixes a public critical 0day vulnerability
> > (https://bugzilla.mozilla.org/show_bug.cgi?id=607222).
> 
> Looks like the F13 build got karma quickly enough to land directly in stable 
> after all, the F12 build, on the other hand, was stuck in testing for 2 days 
> before finally making it out to stable. Yet another blatant example of 
> failure of the Update Acceptance Criteria, needlessly exposing our users to 
> critical vulnerabilities.
> 
> (And no, giving yet another special exception to Firefox wouldn't be a 
> solution. ;-) This problem can hit any other app as well.)
> 
>         Kevin Kofler

Okay, feedback time.

Lately, there have been several attempts at urging proventesters (and not
just testers in general) to give positive karma for aging critpath updates.
It also has been decided by someone (or maybe even a committee) to spam
proventesters daily with "[old_testing_critpath]" messages for all three
dist releases, with no way to unsubscribe from that (other than leaving
proventesters group, which is what at least one person has threatened with,
or filtering those messages).

Dunno about other testers (and there aren't many yet), but I have abandoned
F-12 long ago due to lack of time when F-13 became the one to use on a daily
basis. And some time before F-14 Beta, my desktop has been switched to boot
F-14 by default. That's the only opportunity to evaluate F-14 early and
possibly find issues prior to its release. On the contrary, most of Fedora's
users will wait for the final release, and many users will wait even longer.
It's highly likely that bugzilla can confirm that.

F-14 is the only way forward, and I don't like to spend time on F-13 and
older anymore. That also applies to packages I maintain or monitor. I simply
don't see the user base [target group] anymore.

About positive karma in bodhi, I don't feel comfortable signing off
arbitrary updates just because they didn't crash for me after five
minutes. With some updates, regression has slipped through already.
And the more bugs an update addresses with either patches or a version
upgrade, the more careful I would like to be when testing something.
Also, in my book, an update working on F-14 may still malfunction on an
older dist release due to differences in dependencies and the core setup. I
still don't understand why some non-security updates are rushed out with
sometimes not even the package maintainer(s) having tested them at all.

