security update process failure

Adam Williamson awilliam at
Mon Sep 5 00:34:43 UTC 2011

On Sun, 2011-09-04 at 23:01 +0200, Karsten Hopp wrote:
> Hi !
> I'd call it a failure when a security update for a critical path package gets stuck in 
> -updates-testing for 6 weeks. I'm talking about the F14 libcap update, where only one 
> proventester cared to test the updated package and commented on it.
> Sure, it is only a minor security issue, but shouldn't security updates have priority in 
> testing over any pet packages you have ?
> Security updates certainly take preference for me as I'm trying to get them submitted as 
> early as possible. But when a package sits in -testing for such a long time I need to ask 
> myself why I should bother with doing timely security updates at all.

The problem is really that not enough people test old releases. Barely
any proventesters are on F14. If you look it's hardly just your update
that's waiting on karma, there are quite a few waiting for F14.

I've had 'do f14 karma' on my todo list for about a week and a half, but
f16 keeps eating the time.

I've mentioned this several times and floated a few ideas to fix it (as
have others), but they haven't really gone anywhere. I haven't seen any
indication that FESCo (which defined the update requirements - it's not
a QA thing) considers it a big problem.
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | adamwfedora

More information about the test mailing list