[Mageia-dev] Security updates - Help needed (also forgot avidemux and gstreamer0.10-ffmpeg)

AL13N alien at rmail.be
Fri Jul 6 08:09:04 CEST 2012 

Op donderdag 5 juli 2012 20:34:08 schreef David Walser:
> AL13N wrote:
> > this is a good point: "BTW, a missing dependency should not be
> > considered a blocking issue as it can be easily fixed by the end user.
> > Especially for a security update, as he probably already done it."
> > 
> > also, not sure, but it seems the tester was unawere of perl-CGI-Fast being
> > not really required (i think).
> > 
> > still, IRC meeting yesterday seemed to conclude that security or major bug
> > updates cannot be majorly delayed by bugs, it is however ok, to ask
> > packager to do a quick fix for something at the same time.
> > 
> > still, for this issue, it seems also that there was a month delay due to
> > not setting assigned back. or even setting NEEDINFO.
> 
> Incorrect.  There was a month delay because the packager who first submitted
> it to QA failed to provide an update for Mageia 2.  That person also failed
> to make any comment whatsoever, while being aware that questions had been
> raised.
> 
> Let me be clear, I know we're all busy, and I don't expect things to be
> fixed right away all the time.  However, we need to communicate.  Even if
> you don't have time to fix something, if you know there are issues, and you
> have some input to give on it, give it.  I really don't appreciate being
> ignored for a month, and then when someone else tries to help, all of
> sudden you (not you Maarten) finally speak up and complain about what has
> been done.

i do understand, however, as i said, even though QA might be ignored, i think 
QA still would have to validate it, when QA reads this and sees no response, 
imho :-( .

> > also, i notice that noone seemed to have pointed out the tester that in
> > fact that dependency isn't required.
> 
> But it is used by the default configuration, so a suggests is appropriate. 
> Our packages should be functional out of the box.

iiuc, the qa team member says it's required, and not suggested, and noone from 
packaging team thought about mentioning that it should be a suggests. (of 
course, i didn't know this, but suspected it)

> > i also see that some sentences look harsh to one of both sides here. (or
> > at
> > least to me).
> 
> Yes, that is true.  Both sides could tone it down, and it is really not
> appropriate to have that kind of argument in public on Bugzilla (IMO).

More information about the Mageia-dev mailing list