security update process failure

Peter Robinson pbrobinson at gmail.com
Mon Sep 5 00:44:54 UTC 2011


On Mon, Sep 5, 2011 at 1:34 AM, Adam Williamson <awilliam at redhat.com> wrote:
> On Sun, 2011-09-04 at 23:01 +0200, Karsten Hopp wrote:
>> Hi!
>>
>>
>> I'd call it a failure when a security update for a critical path package gets stuck in
>> -updates-testing for 6 weeks. I'm talking about the F14 libcap update, where only one
>> proventester cared to test the updated package and commented on it.
>> Sure, it is only a minor security issue, but shouldn't security updates have priority in
>> testing over any pet packages you have?
>> Security updates certainly take preference for me as I'm trying to get them submitted as
>> early as possible. But when a package sits in -testing for such a long time I need to ask
>> myself why I should bother with doing timely security updates at all.
>
> The problem is really that not enough people test old releases. Barely
> any proventesters are on F14. If you look it's hardly just your update
> that's waiting on karma, there are quite a few waiting for F14.
>
> I've had 'do f14 karma' on my todo list for about a week and a half, but
> f16 keeps eating the time.
>
> I've mentioned this several times and floated a few ideas to fix it (as
> have others), but they haven't really gone anywhere. I haven't seen any
> indication that FESCo (which defined the update requirements - it's not
> a QA thing) considers it a big problem.

One thing I have noticed is that once an update hits the 2 week "old
update" period it seems to drop off the updates email that goes out
and lists the updates that still need testing. Is there a reason for
that?

Peter


More information about the test mailing list