How can we make security updates faster?

Jaroslav Reznik jreznik at redhat.com
Wed May 30 08:41:17 UTC 2012


----- Original Message -----
> J├│hann B. Gu├░mundsson wrote:
> 
> > On 05/29/2012 05:21 AM, Adam Williamson wrote:
> >> We actually have this on the QA wishlist and it was one of the
> >> projects
> >> we proposed for GSoC for QA, but it didn't quite make it. We may
> >> still
> >> wind up doing it through some other channel, though. See also
> >> 
> https://fedoraproject.org/wiki/Summer_coding_ideas_for_2012#Fedora_Gooey_Karma
> >>  andhttp://blog.tirfa.com/gooey-karma.
> > 
> > It makes no sense to have a gui application ( or an application for
> > that
> > matter ) without having written the relevant how to debug/how to
> > test
> > pages for each component to accommodate it.
> 
> Indeed. However, I'd argue *both* pieces, a karma app and good
> test-cases,
> are needed, and one not need block on the other.

Security updates are usually a different sort of beasts - even as 
developer you sometimes do not have a way how to reproduce it, or
steps are not very clear (as for example some parts are not disclosed
etc.). 

Also sometimes we need to go out with an update to Bodhi while it's still
under EMBARGO to be able to release it once embargo is over (so it should 
be visible only for a specific group of people, you can't disclose it 
on public, not a test case...).

So something like not only Security SIG but our own Fedora Sec. 
response team makes sense. But it's a huge amount of work - so it's
only for brave people... You have to work with developers from the
beginning to the release, it's also coordination job etc.

Jaroslav

> -- rex
> 
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel


More information about the devel mailing list