[Mageia-dev] Security Update Process

Ahmad Samir ahmadsamir3891 at gmail.com
Mon May 16 20:15:05 CEST 2011

On 16 May 2011 18:08, Thierry Vignaud <thierry.vignaud at gmail.com> wrote:
> On 16 May 2011 18:05, Ahmad Samir <ahmadsamir3891 at gmail.com> wrote:
>>>> Mageia 1 is approaching quickly and we need to get our process in place
>>>> for security updates. We talked a bit about it a few weeks ago, and I
>>>> started a wiki page, but it needs more detail. Anne and I chatted on IRC
>>>> and it looks like we'll want to cutoff the "on the iso " updates at the
>>>> end of this week, so we need a process in place to release post-iso updates.
>>>> ref: http://mageia.org/wiki/doku.php?id=security
>>>> As I see it, initially we need, in no particular order:
>>>> 1) a means to build updates for the release (iurt setup for mga1?)
>>> A iurt setup for mga1 will exist anyway, what is missing is a way to
>>> later upload to non public place.
>>> Initially, we can just setup youri to restrict submitting a build to
>>> updates_testing or updates to the secteam and it should be enough.
>> Ideally packagers should be able to submit to update_testing when they
>> want to push a fixed package to ask for testing. So restricting
>> submitting to updates sounds more logical?
> What's more that matches what we were doing back @mdv.
> The process was:
> - trusted packagers upload into main/testing,
> - all packager can upload into contrib/testing,

(Off-topic: I am not sure this was the case in mdv in the past
2-3years at least, all packagers could submit into main/testing....).

> - ticket (for main/*) is opened & assigned to qa
> - people || qa test
> - if tests succeed, ticket is assigned to secteam
> - secteam rebuild with its own sig & push the package

Ahmad Samir

More information about the Mageia-dev mailing list