[Mageia-dev] Security Update Process

Thierry Vignaud thierry.vignaud at gmail.com
Mon May 16 18:08:59 CEST 2011


On 16 May 2011 18:05, Ahmad Samir <ahmadsamir3891 at gmail.com> wrote:
>>> Mageia 1 is approaching quickly and we need to get our process in place
>>> for security updates. We talked a bit about it a few weeks ago, and I
>>> started a wiki page, but it needs more detail. Anne and I chatted on IRC
>>> and it looks like we'll want to cutoff the "on the iso " updates at the
>>> end of this week, so we need a process in place to release post-iso updates.
>>>
>>> ref: http://mageia.org/wiki/doku.php?id=security
>>>
>>> As I see it, initially we need, in no particular order:
>>>
>>> 1) a means to build updates for the release (iurt setup for mga1?)
>>
>> A iurt setup for mga1 will exist anyway, what is missing is a way to
>> later upload to non public place.
>> Initially, we can just setup youri to restrict submitting a build to
>> updates_testing or updates to the secteam and it should be enough.
>>
>
> Ideally packagers should be able to submit to update_testing when they
> want to push a fixed package to ask for testing. So restricting
> submitting to updates sounds more logical?

What's more that matches what we were doing back @mdv.
The process was:
- trusted packagers upload into main/testing,
- all packager can upload into contrib/testing,
- ticket (for main/*) is opened & assigned to qa
- people || qa test
- if tests succeed, ticket is assigned to secteam
- secteam rebuild with its own sig & push the package


More information about the Mageia-dev mailing list