QA process was Re: RPM submission procedure
Panu Matilainen
pmatilai at welho.com
Fri Jan 9 17:01:13 UTC 2004
On Fri, 9 Jan 2004, Jef Spaleta wrote:
> Panu Matilainen wrote:
> > Just an off-the-cuff idea: if one trusted, or two untrusted
> > developers vote a package ready to move to "upwards" it should be moved ?
> > (assuming that one PUBLISH vote from untrusted developer is enough to get
> > a package into testing/unstable)
>
> So what yer saying is... if my friend and I, see something we want
> sitting in QA, I can tell him, and we can make half-hearted attempts
> as untrusted people to do QA and both setting the +1 publish note
> without actually doing the QA checklist at all....and get it out and
> built? Seems there has to be an emergency stop button somewhere to
> prevent me from not making an effort to do the QA work. Seems in the
> untrusted space -1 publish comments need to matter too. Because i can
Sure. Of course two trusted developers "teaming up" can get packages
published very quickly as well, with half-hearted QA if they wish (and I
sure hope everybody respects their "trusted" status not to do it - not
that I'm claiming anybody doing this but the chance is there).
There's the pending-state of course where anybody can verify/veto a
package.. and then the release managers who can veto it if they suspect
foul play. Far from foolproof, I agree - better ideas more than welcome.
> certainly see user interest in short-cutting the process to get packages
> out of QA faster, tempting the use of +1 publish inappropriately by
> untrusted people. But I can't really see a compelling misuse of the -1
Well, you're signing "this matches upstream md5sum and seems ok" by your
gpg signature, it *ought* to mean something to people. And again, I'm
talking about getting the packages to testing/unstable by just one
untrusted vote, which anybody can veto from being published.
> publish comment by untrusted people, holding up packages just to be an
> ass, isn't really a compelling interest in more than 1 or 2 people in
> the userbase( well 3 counting me).
Holding up packages just to be an ass.. well, that's another story :)
- Panu -
More information about the fedora-devel-list
mailing list