[Fedora-packaging] critical path security update policy

Michael Schwendt mschwendt at gmail.com
Mon Apr 20 14:47:05 UTC 2015


On Mon, 20 Apr 2015 14:31:05 +0200, Jerry Bratton wrote:

> Michael,
> 
> It's clear at this point that you feel this is a problem that is entirely the users' fault.
>

I haven't said that.

What I've said is: if a few more _users_ helped with testing, that would be
an improvement. Especially since most users install exactly the same packages
anyway when they are published in the updates repo.

> Perhaps you would like to suggest a way to address this? Saying "users
> should ..." isn't a solution. Maybe you have an idea for an awareness
> / recruiting campaign? That could be helpful.

Twisting words is not helpful. At Fedora, users can influence the quality
of the product. If they don't want to, they are stuck in the pure-consumer
role where they expect a few individuals to perform all the work (the
packaging and the testing) and need to accept that sometimes mistakes
happen and, e.g., some bugs are not found and affect those users.

> Continuing to pontificate about how the users are to blame I don't think is.

This is getting ridiculous, unfortunately. I don't blame users. I point out
that it is possible to take a look at updates before they are unleashed in
the updates repo, which is enabled by default for everyone. That is an
opportunity, not a plague.

> By the way, it has now been 17 days since the security fix was released by Mozilla and the update is STILL stuck in updates testing. And it is 2 days since this update reached stable karma -- how do you blame the users for that?
>

Now you are way too aggressive and negative for my taste. :-/

Check out the bodhi ticket! In particular the automated comment from
2015-04-18. With the next push it will appear in the updates repo. That
is not a matter of minutes, because AFAIK the release process is not fully
automatic [yet] and triggered by an admin.

Btw, 18 minus 7 is not 17. And IMO you're getting unfair, if you don't
take into account the time it takes for package maintainers to prepare
updates.

http://koji.fedoraproject.org/koji/packageinfo?packageID=37

