How can we make security updates faster?

Jaroslav Reznik jreznik at redhat.com
Wed May 30 08:41:17 UTC 2012


----- Original Message -----
> Jóhann B. Guðmundsson wrote:
> 
> > On 05/29/2012 05:21 AM, Adam Williamson wrote:
> >> We actually have this on the QA wishlist and it was one of the
> >> projects
> >> we proposed for GSoC for QA, but it didn't quite make it. We may
> >> still
> >> wind up doing it through some other channel, though. See also
> >> https://fedoraproject.org/wiki/Summer_coding_ideas_for_2012#Fedora_Gooey_Karma
> >> and http://blog.tirfa.com/gooey-karma.
> > 
> > It makes no sense to have a gui application ( or an application for
> > that
> > matter ) without having written the relevant how to debug/how to
> > test
> > pages for each component to accommodate it.
> 
> Indeed. However, I'd argue *both* pieces, a karma app and good
> test-cases,
> are needed, and one not need block on the other.

Security updates are usually a different sort of beast - even as a
developer you sometimes do not have a way to reproduce it, or the
steps are not very clear (as for example some parts are not disclosed
etc.).

Also sometimes we need to go out with an update to Bodhi while it's still
under EMBARGO to be able to release it once the embargo is over (so it should
be visible only to a specific group of people, you can't disclose it
in public, not a test case...).

So something like not only Security SIG but our own Fedora Sec.
response team makes sense. But it's a huge amount of work - so it's
only for brave people... You have to work with developers from the
beginning to the release, it's also a coordination job etc.

Jaroslav

> -- rex
