[Mageia-dev] Finalizing update process
Thomas Backlund
tmb at mageia.org
Wed Jun 15 14:20:40 CEST 2011
Michael Scherer skrev 15.6.2011 15:10:
> Le mercredi 15 juin 2011 à 07:55 -0400, Stew Benedict a écrit :
>> On 06/12/2011 08:25 AM, Angelo Naselli wrote:
>>> In data mercoledì 8 giugno 2011 23:53:51, Ahmad Samir ha scritto:
>>>>>> Right, I probably phrased that one wrongly; I meant:
>>>>>> fixes a serious bug, e.g. crashing, segfaulting
>>>>> I don't think we should exclude non-serious bugs :)
>>>> Depends, overworking the sec team doesn't look like a good aspect...
>>>> (that's why I liked contrib in mdv, I could push an update any time,
>>>> without having to go though the bug report -> QA -> Sec team loop).
>>> Well here we could stop at QA team step, or at least someone more that can
>>> test and say that the fixing is good...
>>>
>> So,
>>
>> We've had a lot of discussion, which is good, but imho we need to start
>> getting some updates out the door. Users are asking for them and the
>> CVEs just keep rolling in.
>>
>> As I understand it, the mechanics are in place to issue updates, and
>> I've put together a page as a first pass at a policy, based on my memory
>> of how things worked in the past and what I've picked up from the
>> discussion.
>>
>> http://mageia.org/wiki/doku.php?id=updates_policy
>>
>> Randomly, I'm targeting 2 bugs to push through, to test the process:
>>
>> https://bugs.mageia.org/show_bug.cgi?id=1084 (vde2, app crashes)
>> https://bugs.mageia.org/show_bug.cgi?id=1521 (subversion, security issue)
>>
>> Now, first problem is we still don't have a maintainer database, so who
>> gets the assignment, the person that first imported the package?
>> Perhaps this is the first change to the policy - maintainer or any
>> interested packager initiates the update
>
> Sound sensible, yes.
>
> The idea IMHO is not to prevent people for doing the work if they wish,
> but if there is no volunteer, it should be the duty of someone, and this
> someone is the maintainer.
> Now, we do not have a official maintainer db, but the test instance is
> still here afaik. So yes, picking someone from the list of person that
> committed would do the trick.
>
BTW, should we have a read-only security/update-announce ml that where
we mail about all updates ?
--
Thomas
More information about the Mageia-dev
mailing list