[Mageia-dev] Finalizing update process

Christiaan Welvaart cjw at daneel.dyndns.org
Wed Jun 8 18:57:40 CEST 2011


On Wed, 8 Jun 2011, Michael Scherer wrote:

> Le mercredi 08 juin 2011 à 10:40 +0200, Anne nicolas a écrit :
>> Hi there
>>
>> We have some stuff to complete here:
>> http://mageia.org/wiki/doku.php?id=security
>>
>> <http://mageia.org/wiki/doku.php?id=security>Can we spend the 2 or 3 coming
>> days to finalize it and start updates submits?
>
> Pascal is working on this.
>
> So here is a proposal :
> - anybody can submit a package to updates_testing.
> - once submitted to testing, it should ask to QA to test, along with :
>  - a reason for the update ( likely bug number )
>  - potentially a priority ( ie, if this is just a translation update or
> a urgent 0 day exploit )
>  - a way to test the bug and see it is fixed
>  - text for the update

> - qa validate the update ( with process to define )

> - someone move the package from updates_testing to testing

Someone from security (stable updates) team I guess?

> - the bug is closed
> - a announce is sent ( on various medias to be defined ), with the text
> of update

So who decides to reject an update and at what point? According to your 
proposal, either QA people decide this or they waste time on updates that 
later get rejected.

> So the points are :
> - no update can be uploaded without QA validation

What does 'QA validation' mean exactly, can only certain people do it...?

> - QA manage the checks, and so will requires help ( hence the security
> team or any packager can help, provided they know how to do QA )

So a packager wants to fix a bug in package that is not very visible, 
sends it to QA, then has to test it anyway? I'm not sure what you're 
saying here.


     Christiaan


More information about the Mageia-dev mailing list