pushing packages to stable

Thorsten Leemhuis fedora at leemhuis.info
Fri Oct 24 18:30:05 UTC 2008 

On 24.10.2008 16:38, Dennis Gilmore wrote:
> 
> Yesterday a request to move a package to stable early was made.  I denied it 
> because the reason given was "due to popular customer demand"  there is no way 
> to measure that. and the next stable push will be just over a week away. 
 >
> To Date the only reason that packages have been pushed to stable early has 
> been security issues.

Sorry, but that's not incorrect. I in the past now and then did push 
some packages by packagers request if there was a good reason for it. Of 
course "due to popular customer demand" alone is not enough reason.

Security bugs are of course one (very) good reason, but not the only one 
to move a new package to the proper repos quickly -- sometimes other 
bugsfixes are just as important to send out quickly, hence we should 
push them as soon as possible.

>   if you point epel_signers at a bug that mentions a CVE 
> we will push the package to stable.

That is not how we handled it in the past. What EPEL Steering Committe 
agreed on a few months ago was added to the FAQ in the Wiki:

"""
   What do I need to do if I need to get a updated package quickly into 
the EPEL proper?

If you want to see a package moved from the testing or needsign repos to 
the proper EPEL repos (for example to fix important (security) bugs) 
please test the package once it got build; if it works well send a mail 
asking for this move to [[MailTo(epel_signers-members AT fedoraproject 
DOT org )]
"""

We should enhance this; the request for moving should include the reason 
for the move.

>  But i wanted to open up the discussion here.

Such a rule like the you outlined above IMHO would be stupid bureaucracy 
-- a hurdle that makes life for packagers hard, as they for each and 
every bug would have to open a bug. That's something most packagers 
don't want to do. They just want to commit the package and tell somebody 
"hey, this update fixes a security bug; I tested this, it works; please 
move to the proper repos as soon as possible." Which often worked fine; 
I even did it often if somebody on IRC just said to me "hey, can you 
move this please, as it fixes a important bug"; that was low overhead 
and worked just fine for everybody. Especially as that way we can fix 
bugs that don't (yet) have a CVS entry.

>  EPEL is supposed to be stable and slower moving than fedora.

Fully agreed. But it should not be moving slower then RHEL, as even Red 
Hat pushes enhancements as regular updates now and then. We should do 
the same in EPEL if there is a good reasons.

>  the package in question happened to be built yesterday.

Then of course it's unacceptable to move if there is no good reason 
(which we might not aware of yet).

>  and it was an update of an existing package.

Which is irrelevant -- the packager might be aware of crucial 
data-corruption bug in the package that needs to be fixed quickly to 
avoid further problems for users (but for the package is question that 
afaics was not the case)

>  so it really should live in testing for a little while.

+1 for the package in question

 > [...]

Cu
knurd

More information about the epel-devel-list mailing list