Self-Introduction: Toshio Kuratomi

Jaap A. Haitsma jaap at haitsma.org
Wed Dec 17 21:31:59 UTC 2003


Toshio wrote:
> I'd be willing to do QA if I knew what the term means in this context. 
> I've seen a lot of discussion but not seen any conclusion.  Does QA mean
> -- It runs(RPM)?  It compiles(SRPM)?  I've checked that the Sources and
> patches come from legitimate places?  I have time on my hands right now
> so I'd certainly be willing to do these things.  Auditing source code is
> another matter entirely -- I'm not a crack programmer and I barely know
> where to begin with that.  I'd feel very uncomfortable signing off on a
> package if that's what QA is supposed to entail.  A good, "canonical"
> post on the wiki clarifying what QA is, and some step-by-step guides to
> doing it would be marvelous.

There were some discussions about this topic a while ago,
though I started the thread with a different topic.
You might be interested in going over the thread.
http://www.redhat.com/archives/fedora-devel-list/2003-December/msg00319.html

There was discussion about dropping the source auditing kind of stuff, 
which in my personal opinion is very difficult if you do not have 
intimate knowledge of that code even if you are a crack programmer and 
furthermore is very time consuming. The idea was to only check the MD5 
of the upstream tarballs.

Jaap




