How can we make security updates faster?

"J├│hann B. Gu├░mundsson" johannbg at
Mon May 28 22:13:06 UTC 2012

On 05/28/2012 08:35 PM, Paul Wouters wrote:
> The point of a seperate list would be that peopel interested in giving
> security updates some extra attention wouldn't be swamped with other
> emails, causing them just to filter and file those emails unseen.
> If the pidgin-otr and socat security update information ended up going
> to any QA related lists, it did not seem to help. 

They do so via the update-testing report and even up on top to be the 
first thing reporters read so getting the information to reporters is 
not the problem but getting them to actually test components is and 
there are several issues we need to solve in that regard.

I did an honest effort to improve that situation in the past ( the whole 
scenario is bit more complicated ) when we had around 6000 components in 
the distribution but members of FPC/FESCO choice to make something that 
was necessary for us ( QA ) to be mandatory to solve that and other 
problems, optimal. So instead of having the roughly 6000 components that 
have been added since then plus what we could have caught up with of 
those existing 6000 components with what is needed now, we still have 
roughly the effort I did until I decided to drop it altogether since it 
was quite foreseeable for people that have the ability to think further 
then their nose that it would never work with it being optional.

Long story put short using "Karma" ain't working and wont work unless 
some serious effort is done to get that concept in a workable shape to 
at least give that concept an hope to ever potential to work in the 
first place.

At this point in time we might just as well try some alternative 
solution to the task at hand instead of trying to patch the broken 
existing one.

In any case that's something for us in QA to figure out and hopefully 
FPC/FESCO willl work with us instead of against us this time but given 
how some of them have acted and voted on various task they have been 
given for the last release cycle I doubt that's the case but elections 
are coming up so there might be hope there yet you know fresh 
blood,fresh minds,fresh ideas, fresh approaches etc...


More information about the devel mailing list