Separating the roles of the QA process

Pekka Savola pekkas at netcore.fi
Thu Dec 16 07:01:58 UTC 2004 

Hi,

In order to streamline the Fedora Legacy process, I've the following 
suggestion for enhancing the role separation of QA testing:

  1) The submitter of packages builds them, and tests whether the new 
packages work ("these packages should be OK, I've tested them")

   XXX: does this place too much burden on the package submitter ?

  2) The PUBLISH QA is only obligated to check that the modifications 
seem OK -- the sources have not been tampered with, the patches come 
from some reliable source or are otherwise OK, the spec file changes 
are minor, etc.

     PUBLISH QA is also charged with identifying that the patches made 
actually fix the vulnerabilities that the update is trying to fix.

     PUBLISH QA should be done for all the .src.rpm packages for all 
the distribution versions if possible.

    * PUBLISH QA is *not* charged with rebuilding the package, 
installing the binary RPM, or testing it.  It can do this of course. 
The main purpose is to just quickly make sure that the submitted 
packages _seem_ to be OK, and should be rebuildable in mach.

  3) the VERIFY QA is obligated to:
    - check the GPG signature and checksum of the packages
    - install it, run it, test if it works.
    - running rpm-build-compare.sh on the binaries to see if there have 
been any significant changes (e.g., to the libraries used)

   * VERIFY QA optional tasks are:
    - running rpm-build-compare.sh to the SRPM and/or other tasks 
related to PUBLISH QA.

Justification:  currently PUBLISH QA is not being done especially for 
obscure packages that no one is really using, because it's difficult 
to rebuild and install and test them.  We need to make this available 
to *anyone*, even to those who don't run the Red Hat version in 
question.

This makes updates-testing a bit more literally "testing", but IMHO 
that's not a problem.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

More information about the fedora-legacy-list mailing list